Irrespective of size, industry or geography, the vast majority of organizations have credentials exposed online.
Credential compromise is not new, but the frequency of appearance of compromised credentials online has increased. Dumps of stolen credentials are regularly sold, traded and shared online across paste sites, file-sharing sites and online marketplaces.
As a result, the number of compromised credentials that are available online is staggering, providing a goldmine for attackers. With this in mind, it is unsurprising that, as one report claimed, breached credentials were responsible for 63 percent of data breaches.
For the companies that were the source of the breach, there are clear reputational, brand and financial implications. However, the consequences of these breaches extend far beyond these companies. Organizations with employees who have reused corporate emails and passwords can be at risk of account takeovers, credential stuffing and extortion attempts.
Large data breaches often originate at very large organizations, which have become a target for threat actors. However, organizations of all sizes are impacted by data breaches. How, then, can organizations better prepare for and mitigate against such incidents?
A whitepaper issued by Digital Shadows highlights ten tips for preparing for compromised credentials.
1. Establish a policy for which external services are allowed to be associated with corporate email accounts. Although social media accounts were the most common source of leaked credentials, dating and gaming services were also common.
2. Implement an enterprise password management solution. This is not only great for secure storage and sharing but also strong password creation and diversity.
3. Understand and monitor approved external services for password policies and formats to understand the risks and lowest common denominators.
4. Proactively monitor for credential dumps relevant to your organization’s accounts. Consider additional monitoring for the non-enterprise accounts of your high-value targets (e.g. executives).
5. Internally (or with the help of an external service) evaluate credential dumps to determine if the dumps are new or have been previously leaked. In total, 10% of all claimed credential compromises were duplicates.
6. Implement multi-factor authentication for external-facing corporate services. This might include services like Microsoft Outlook Web Access and Secure Sockets Layer Virtual Private Networks, as well as software-as-a-service offerings like Google Applications, Office365, and Salesforce.
7. Understand and document any internal services that aren’t federated for faster and more complete incident response to any breach that impacts an organizational account.
8. Ensure that you have an emergency password reset process in place. Make sure that all of the users’ accounts are included, not just Microsoft Active Directory accounts.
9. If you have any user behavior analytics capabilities, import compromised identity information and look for any suspicious activity (e.g. accessing resources that have not been accessed in the past).
10. Update security awareness training to include the risks associated with password reuse. Encourage staff to use consumer password management tools like 1Password or LastPass to also manage personal account credentials.
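Tips 4, 5 and 9 describe a triage loop: pull the entries of a dump that concern your own domains, decide whether each one is new or a repeat of an earlier leak, and then check what the affected accounts are doing. The script below is an added example, not code from the whitepaper or from Digital Shadows; the organization's domains, the dump lines, the "previously seen" store and the access log are all constructed, and the log format (ISO timestamp, user, resource) is an assumption made for the example. The "already seen" store holds SHA-256 fingerprints of email-plus-password pairs rather than plaintext, so the deduplication state itself is not a second copy of the leak.

```python
"""Triage a credential dump (tips 4 and 5) and check the affected accounts'
access-log activity for never-before-seen resources (tip 9).

Added example with constructed data; not the whitepaper's own tooling."""
import hashlib
import re
from collections import defaultdict

# Assumption: the email domains the organization owns.
ORG_DOMAINS = {"example.com", "corp.example.com"}

# Constructed dump in the loose "email<sep>password" shapes paste dumps use.
DUMP_TEXT = """\
alice@example.com:Winter2019!
bob@gmail.com:hunter2
Carol@Corp.Example.com;Summer2020
# not a credential line
dave@example.com:Winter2019!
alice@example.com:Winter2019!
eve@example.com
"""

# Constructed access log: "<ISO-8601 UTC time> <user> <resource>".
ACCESS_LOG = """\
2024-05-01T09:12:00Z alice@example.com /wiki/onboarding
2024-05-01T09:15:00Z alice@example.com /mail/inbox
2024-05-02T11:02:00Z carol@corp.example.com /crm/accounts
2024-05-20T03:41:00Z alice@example.com /finance/payroll-export
2024-05-20T03:42:00Z alice@example.com /mail/inbox
2024-05-20T22:10:00Z bob@gmail.com /finance/payroll-export
2024-05-21T10:00:00Z carol@corp.example.com /crm/accounts
"""

LINE_RE = re.compile(r"^\s*([^\s:;]+@[^\s:;]+)[:;](.+?)\s*$")


def fingerprint(email, password):
    """Hash the pair so the 'already seen' store never holds plaintext."""
    norm = email.strip().lower() + "\x00" + password
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()


def parse_dump(text):
    """Extract (email, password) pairs; skip blanks, comments and malformed lines."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            pairs.append((m.group(1).lower(), m.group(2)))
    return pairs


def triage_dump(text, org_domains, known_fingerprints):
    """Return (new, duplicates, irrelevant): org entries not seen before as
    (email, fingerprint), the count of org entries already known or repeated
    within this dump, and the count of entries outside the org's domains."""
    new, duplicates, irrelevant = [], 0, 0
    seen_this_run = set()
    for email, password in parse_dump(text):
        domain = email.rsplit("@", 1)[1]
        if domain not in org_domains:
            irrelevant += 1
            continue
        fp = fingerprint(email, password)
        if fp in known_fingerprints or fp in seen_this_run:
            duplicates += 1
            continue
        seen_this_run.add(fp)
        new.append((email, fp))
    return new, duplicates, irrelevant


def build_baseline(log_text, cutoff):
    """Per-user set of resources accessed before the cutoff. Fixed-width UTC
    timestamps sort correctly as strings, so a lexical comparison suffices."""
    baseline = defaultdict(set)
    for line in log_text.splitlines():
        ts, user, resource = line.split()
        if ts < cutoff:
            baseline[user].add(resource)
    return baseline


def flag_unusual_access(log_text, compromised_users, cutoff):
    """Tip 9's check: compromised users touching resources absent from their
    pre-cutoff baseline. Returns (timestamp, user, resource) tuples."""
    baseline = build_baseline(log_text, cutoff)
    alerts = []
    for line in log_text.splitlines():
        ts, user, resource = line.split()
        if ts >= cutoff and user in compromised_users and resource not in baseline[user]:
            alerts.append((ts, user, resource))
    return alerts


def run():
    """Run the whole loop over the constructed data."""
    known = {fingerprint("dave@example.com", "Winter2019!")}  # constructed prior-leak store
    new, dups, irrelevant = triage_dump(DUMP_TEXT, ORG_DOMAINS, known)
    compromised = {email for email, _ in new}
    alerts = flag_unusual_access(ACCESS_LOG, compromised, "2024-05-10T00:00:00Z")
    return new, dups, irrelevant, alerts


if __name__ == "__main__":
    new, dups, irrelevant, alerts = run()
    print(f"{len(new)} new org credentials, {dups} duplicates, {irrelevant} outside org domains")
    for email, fp in new:
        print(f"  reset: {email} (fingerprint {fp[:12]}...)")
    for ts, user, resource in alerts:
        print(f"  ALERT {ts} {user} accessed never-before-seen {resource}")
```

On the constructed data the run reports two new organizational credentials (alice and carol), two duplicates (dave was already in the store, and alice appears twice in the dump), one entry outside the organization's domains, and a single alert for alice reaching a finance export she had never touched before the dump appeared. The domain filter also drops the gmail.com hit, which is the kind of personal account tip 4 says to cover separately for high-value targets.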