Just reflect on the below:
LinkedIn, 2021: 700 million people's data breached
Facebook, 2019: 533 million people's data breached
Twitter, 2018: 330 million people's data breached
Canva, 2019: 137 million people's data breached
Dropbox, 2012: 69 million people's data breached
Uber, 2016: 57 million people's data breached
EasyJet, 2020: 9 million people's data breached
Marriott, 2020: 5.2 million people's data breached
Zoom, 2020: 0.5 million people's data breached
For most organisations, one if not many of their staff will have had an account with at least one of the above. One of their team might even have been so unlucky as to have their data compromised.
This might sound like a minor threat: who cares if a member of staff had their username and password breached?
That is until you consider the number of people who use the same username and password across multiple accounts. It is considerably higher than most people think. Notable studies found the following:
LastPass study: 59% of people reuse the same username and password across multiple accounts
Google study: 65% of people reuse the same username and password across multiple accounts
Risk for Organisations
The risk for organisations isn't always the direct threat of being breached. It's the threat of being breached through indirect means. A member of staff has their credentials breached through a third party such as LinkedIn; it then transpires that they used the same credentials for other platforms, and attackers exploit that.
The risk is growing: since 2020, the number of hacked credentials available on the dark web has increased by 65%.
What Should an Organisation do?
There are many steps an organisation can take to mitigate the risk of being breached through leaked credentials that are harvested and used to mount more significant attacks:
Scan the Dark Web
Regularly scanning the dark web for leaked credentials relating to your domains is a proactive step: it gives you visibility of when and where credentials relating to your domains have been breached, so that you can act promptly, for example by forcing password resets for the affected accounts.
Use secure password management
Make it easier for your staff to have stronger passwords by using secure password management software.
Access Controls
Enforce controls such as multi-factor authentication, password complexity requirements and password reset policies.
Staff Awareness Training
Educate staff on the risks and best practices that they should follow.
Security Audits
Conduct regular security audits to understand weaker areas within your ecosystem.
Monitor for suspicious activity
Adopt tools such as EDR/MDR/XDR solutions to monitor for suspicious activity and contain it should a breach occur.
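As an added example (not code from the original post or from EquiTech Group), the following Python sketch shows two of the defensive checks described above: screening a proposed password at reset time against a breach-hash feed using a k-anonymity prefix lookup, so the password itself never leaves the host, and filtering a leaked credential dump down to your own domains to produce a reset list. The feed responses, dump lines and addresses are constructed, and lookup_range is a stand-in for the real network call.

```python
import hashlib
from typing import Dict, Iterable, List, Set


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of a password, the digest breach-hash feeds index on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach-hash feed. Such feeds are queried with only
# the first 5 hex chars of the SHA-1; the body lists every known suffix under
# that prefix as "<35 hex chars>:<times seen>". Not real breach data.
_WEAK_HASH = sha1_hex("Password1")
SAMPLE_RANGES: Dict[str, str] = {
    _WEAK_HASH[:5]: (
        f"{_WEAK_HASH[5:]}:12345\n"                  # constructed hit
        "0000000000000000000000000000000000A:3\n"    # unrelated suffix
    ),
}


def lookup_range(prefix: str) -> str:
    """Stand-in for the network call; returns the feed body for a 5-char prefix."""
    return SAMPLE_RANGES.get(prefix.upper(), "")


def breached_count(password: str) -> int:
    """Times a candidate password appears in the feed (0 = not seen).
    Only the hash prefix is sent; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup_range(prefix).splitlines():
        found_suffix, _, count = line.strip().partition(":")
        if found_suffix == suffix:
            return int(count or 0)
    return 0


def accounts_needing_reset(dump_lines: Iterable[str], org_domains: Iterable[str]) -> List[str]:
    """Filter a leaked "email:password" dump to addresses at the organisation's
    domains. Only the address is kept; the leaked password is discarded."""
    domains: Set[str] = {d.lower().lstrip("@") for d in org_domains}
    hits: Set[str] = set()
    for line in dump_lines:
        email, sep, _ = line.strip().partition(":")
        if not sep or "@" not in email:
            continue  # malformed line, skip it
        if email.rsplit("@", 1)[1].lower() in domains:
            hits.add(email.lower())
    return sorted(hits)


# Constructed sample dump; none of these addresses or passwords are real.
SAMPLE_DUMP = ["alice@example.com:Password1", "Bob@EXAMPLE.com:hunter2",
               "carol@other.example:qwerty", "garbage line without separator"]
```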
If you want to minimise your risk, or would like to know more about how to implement some of the above best practices then speak to a consultant at EquiTech Group:
Phone - 01604 346 444
Email - info@etg365.co.uk