Some Strategies To Deal With Credential Hacking

    Current factors working against the cybercriminal marketplace include COVID-19’s ripple effects and lack of confidence due to increased involvement of law enforcement. But any remaining skepticism about the sheer magnitude of this shadow economy was shattered with a recent research publication showing that some 15 billion login credentials are circulating in the cybercriminal underworld, the product of 100,000 breaches in recent years.

    The hacked products have to end up somewhere when a data loss event happens. Now it seems that the supply of compromised usernames and passwords for everything from domain admin accounts to anti-virus software to bank accounts is filling the far recesses of the internet. Credentials fetch anywhere from a few bucks each to several thousand per entry, depending on the value of the account.

    It is possible that a compromised organization has or will soon cough up your personal details given the scale. But you can take action as a security professional to help counter the exponential growth of dark web credentials by a) not contributing to the issue and b) holding your guard against any compromised information being used against your company, all while guaranteeing your team’s full productivity. A big part of it is automation.

    A three-step strategy to minimize risks from the Dark Web:

    1. Eliminating The Sources

    Attackers usually turn to phishing or malicious spam attacks in order to fetch their victims’ credentials. Perhaps their aim is just that: to pilfer someone’s login details as a means of committing account takeover fraud or compromise with business email. A recent audit actually turned up two million accounting department-related email addresses. In other instances, in order to advance a much larger agenda within a targeted organization, attackers look to pry credentials, as these “keys” may allow them to move laterally with the intention of ransacking the database or installing sophisticated malware. You may respond by enlisting common-sense approaches to social engineering management, as well as introducing security automation to speed up and streamline your response to instances of phishing and malware.

    2. Train Employees On Good Security Hygiene

    When it comes to ensuring that you and your employer are protected from the tentacles of cybercriminals, workers can be their own worst enemy, particularly now, with most of them working remotely. Education for security awareness is important, but it is not possible to rely on workers alone to always make the correct decisions. Software, like VPNs, password managers, and two-factor authentication can help them along, as does limiting privileges to the minimum amount of permissions necessary to perform their work.

    3. Collect And Apply Dark Web Information With A SOAR Use Case

    In recent years, dark web surveillance services that trawl the popular places from which stolen data is dumped or purchased and sold have been in demand by businesses seeking greater insight into the location of personal information of their employees or customers. But the process of assessing the validity of the results of the monitoring tool, closing false-positive cases, and implementing resets or lockouts of account passwords can be time-consuming and tedious. Security orchestration, automation and response (SOAR) happens to be an appropriate technology that can enable security teams through custom playbooks to resolve these pain points while also ensuring that passwords are not revealed to analysts at the same time and dramatically decreasing the time span in which credentials have to be abused by criminals. Furthermore, SOC workers are released to work on strategic projects, such as hunting within the network for active threats.

    Latest data security solutions with a wide range of features allow you to deploy state-of-the-art technology that ensures comprehensive ERP data security for your enterprise.

    Recent Articles

    Identity and Access Management: Some Challenges

    In today's digital age, there are more apps that are cloud-based, more resources, more devices, and more users. 94 percent of Chief...

    Insider Threats: Some Ways Of Detection and Prevention

    The leading cause of data breaches worldwide is insider attacks, and it is also among the most expensive. As per a recent...

    Strategies To Deal With Identity Management Oversights

    In today's digital age, the foundations of companies' cybersecurity are focused on 'identity.' In fact, the new digital perimeter is identity. Businesses...

    Tips To Prevent Business Risks in SAP Transactions With Access Control

    Since SAP's controls that are harnessed by fraudsters have certain crucial vulnerabilities, SAP transactions could be a fertile ground for data theft...

    Tips To Enable Easy Access To ERP Applications

    In this digital era, enabling mobile access to ERP data is one of the main priorities for many enterprises. And it has...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox