Credential Theft Is (Still) A Top Attack Method

Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals.

The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations aren't revoking credentials that are no longer needed, meaning passwords can go unattended and dormant like a sitting duck (similar to what happened with Colonial Pipeline). And Verizon's Data Breach Investigations Report cites that almost 50% of all security breaches were caused by stolen credentials.

The stats don't lie. Cybercriminals are advancing, there's no doubt, but if there's an option to take the path of least resistance, they'll take it. Too often, that means compromising passwords and exploiting vulnerable access points.

Credential Theft and Critical Access

The Verizon report also states that stolen credentials are most often used to target some form of a web application. Web applications are one of the top attack vectors, according to the report, which is a problem considering organizations across industries are finding digital solutions and using internet-enabled technology to streamline operations. Take the manufacturing industry, for example: if a PLC malfunctioned, a contractor or vendor used to physically fix the issue at the manufacturing facility. Now, the repairs can be done remotely since PLCs can be connected to the internet, and third-party technicians can use remote access to connect to and fix the PLC.

The healthcare sector faces the same situation. Healthcare facilities use internet-enabled devices to quickly share data, access patient records, and grant access to remote vendors to connect to machines.

We're in an evolving, digital era where companies can become more efficient, productive, and profitable by automating tasks and introducing new technology to their workflow. But, since a lot of that involves connecting devices to the internet and granting remote access to third-party vendors as we've just seen, it also means introducing risk at every access point.

If you can use the internet to access an asset (whether that's a network, server, or data), so can a bad actor. And if you can use credentials to unlock it, guess what – so can a bad actor. Add third-party remote access into the mix and you have a nasty combination of vulnerabilities.

Organizations need to play catch-up when it comes to the security of their credentials, IoT, and third-party vendor connections. If they don't, they'll be playing a different kind of catch-up: remediating all the damage a bad actor has already done.

Protect Credentials With Password Vaults

It might seem like the problem is unavoidable. We're creating a potential gateway for a bad actor to exploit every time we create a password that leads to a critical resource, whether that password is meant for an internal or external user.

For those who have gone too long thinking, "I don't need to worry about password management": it's time to worry. Or it's at least time to do something about it. Credentials are the keys to the kingdom, whether that means they can get you down the road to the full kingdom via third-party remote access or they take you directly to the kingdom of mission-critical assets and resources. Either way, protecting credentials by using password vaults is arguably the best way to manage passwords and ensure they stay out of the wrong hands.
