Credential Theft is On the Rise! Here’s How to Protect Your Logins
A recent Verizon study of 2019 data breaches around the world showed a disturbing trend. Cybercriminals are going after login credentials with a vengeance.
The 2020 Data Breach Investigations Report included three key data points that illustrate that credential theft is on the rise and a major concern:
- The new #1 form of malware used in breaches is password dumpers (malware designed to steal login credentials)
- 77% of all cloud data breaches are due to compromised credentials
- The #1 type of information sought in phishing attacks is login credentials
Each of these different data points illustrates the dangerous trend of hackers targeting company cloud accounts.
Why Go After Cloud Accounts?
There are a few different reasons that hackers are focusing on getting company login credentials to cloud accounts.
One reason is that most business data is now being stored in the cloud, so hackers are going where the data is.
Another is that, due to the IT security safeguards that cloud providers put in place, it’s much more difficult for hackers to break into accounts using malware and other tactics. In fact, another statistic from the Verizon report was that about 70% of all data breaches happen to on-premises assets and only 24% to cloud assets. That’s because cloud assets are typically well protected.
So, to bypass those safeguards, they steal login credentials. Login credentials give a hacker the key they need for access and the ability to bypass security safeguards.
A third reason criminals find cloud accounts such a rich target is that they can often get more than just sensitive files when they get in. They can access company email for sending phishing attacks and potentially get their hands on more login credentials which they can sell on the Dark Web.
Password Security Protections You Should Be Using
With so much focus on getting business login credentials, you should ensure your UK firm has password security protections in place.
Just like any type of cybersecurity strategy, you want to apply several layers of protection.
Force Use of Strong Passwords in Accounts
You can tell users to use strong passwords that are unique for each business account they use, but it’s not unusual for people to fall back into bad password habits.
These include using weak passwords and reusing passwords across multiple accounts. 65% of people reuse passwords across different accounts.
One way that you can at least ensure that strong passwords are being used is to set up your cloud accounts to reject weak passwords. This can be done in the administrative settings as a safeguard.
You want to use best practices for strong passwords, including:
- Using at least one number and one symbol
- Having a length of at least 10 characters
- Using at least one upper-case letter
Use a Business Password Manager
Trying to remember all the passwords used on a daily basis can be nearly impossible for most people, especially if they’re passwords that are strong. This causes people to store passwords insecurely in unprotected spreadsheets or their contacts list.
You can solve this issue and keep passwords more secure by using a business password management application. A password manager is an encrypted vault that can store all of an employee’s passwords. They only have to remember a single password to get in.
A password manager has multiple benefits, including:
- Helps ensure unique passwords for all logins
- Can also securely store other sensitive information like credit card details
- Allows companies to have access to all accounts (so they’re not locked out of an account if a key employee leaves)
- Reduces the time spent going through password resets
Put Multi-Factor Authentication (MFA) In Place
MFA is one of your biggest defences against account breaches. It requires an additional step before allowing a user to log in, which means the username and password alone aren’t enough to breach your account.
With MFA in place on an account, the user must also input a code that is sent to a pre-approved device. The code is time sensitive and usually has to be input within 5-10 minutes of it being sent.
This stops credential thieves in their tracks because they don’t have possession of the device that receives the MFA code.
How effective is multi-factor authentication?
According to Microsoft, which sees about 300 million fraudulent sign-in attempts per day, MFA can stop 99.9% of attempted account hacks.
By deploying all these layers of password security…
- Forcing strong passwords in apps
- Having employees use a password manager
- Using multi-factor authentication
… you can ensure your accounts and the data and resources they hold are completely protected.
Get Help Setting Up Credential Security Today
Enable Technology can help your UK business put the layered protections in place to keep hackers from compromising your cloud accounts.