EquiTech

Understanding the Risks of Third-Party Data Breaches and Protecting Your Company's Credentials

Consider the following breaches and the number of people whose data was exposed in each:

  • LinkedIn, 2021: 700 million

  • Facebook, 2019: 533 million

  • Twitter, 2018: 330 million

  • Canva, 2019: 137 million

  • Dropbox, 2012: 69 million

  • Uber, 2016: 57 million

  • EasyJet, 2020: 9 million

  • Marriott, 2020: 5.2 million

  • Zoom, 2020: 0.5 million

 

For most organisations, at least one member of staff, and often many, will have had an account with one of the services above, and some will have been unlucky enough to have their data compromised. Not every one of these incidents exposed passwords (the LinkedIn and Facebook figures were scraped profile data), but even an email address on its own is useful to an attacker who can pair it with a password from another dump.

 

This sounds like a minor threat: who cares if a member of staff had the username and password for a consumer website breached?

 

That is, until you consider how many people use the same username and password across multiple accounts. The figure is considerably higher than most people expect. Two notable studies found the following:

 

  • LastPass study

    • 59% of people reuse the same username and password across multiple accounts

  • Google study

    • 65% of people reuse the same username and password across multiple accounts



Risk for Organisations

The risk to an organisation is not always the direct threat of its own systems being breached; it is the threat of being breached indirectly. A member of staff has their credentials exposed by a third party such as LinkedIn, it transpires that they used the same credentials on the organisation's own platforms, and attackers try those credentials there (known as credential stuffing).

 

The risk is growing: since 2020, the number of compromised credentials available on the dark web has increased by 65%.


What Should an Organisation do?

There are many steps an organisation can take to reduce the risk of being breached through leaked credentials that are harvested and used to mount more significant attacks:

  • Scan the dark web

    • Regularly scan dark-web markets and breach dumps for credentials tied to your domains, so that you know when and where they have been exposed and can force password resets for the affected accounts before an attacker uses them.

  • Use secure password management

    • Make it easier for staff to use a strong, unique password for every account by providing a password manager. Unique passwords are what stop a third-party breach from spreading to your own systems.

  • Access controls

    • Multi-factor authentication (so that a stolen password alone is not enough), screening new passwords against lists of known-breached passwords, and sensible reset policies. Screening against breach lists does more than complexity rules, which mainly push users towards predictable variants of the same password.

  • Staff awareness training

    • Educate staff on the risks of password reuse and on the practices they should follow.

  • Security audits

    • Conduct regular security audits to find the weaker areas within your environment.

  • Monitor for suspicious activity

    • Adopt tools such as EDR/MDR/XDR solutions, and watch authentication logs for the signature of credential stuffing: one source failing against many different accounts in a short time and then succeeding against one of them. Lock the affected accounts down as soon as it occurs.
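The first and third points above are the two checks a practitioner would automate: finding which of your own addresses appear in a breach dump, and refusing new passwords that are already known to be breached without sending the password (or even its full hash) to the checking service. The example below is added here and is not EquiTech's code. It implements the k-anonymity "range" scheme used by the Pwned Passwords service (hash the password with SHA-1, send only the first five hex characters, match the remaining 35 locally), but the server side is simulated offline from a small constructed corpus, and the combo-list lines and domain are likewise constructed.

```python
import hashlib
from typing import Callable, Dict, List

# Constructed breach corpus standing in for a breached-password service's data.
# Values are how many times each password was seen in breaches (made-up counts).
BREACHED_PASSWORDS: Dict[str, int] = {
    "password": 9_545_824,
    "Password1": 149_012,
    "letmein": 231_203,
    "Summer2020!": 1_822,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest the range scheme is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_server(prefix: str) -> str:
    """Offline stand-in for GET /range/<prefix>: returns every breached hash
    whose SHA-1 begins with the 5-character prefix, as 'SUFFIX:COUNT' lines.
    The server never learns which of those hashes the client cares about."""
    lines = []
    for pw, count in BREACHED_PASSWORDS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = simulated_range_server) -> int:
    """k-anonymity lookup: send only the first 5 hex chars of the hash, then
    match the remaining 35 locally. Returns the breach count, 0 if unseen."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def accept_new_password(password: str,
                        fetch_range: Callable[[str], str] = simulated_range_server) -> bool:
    """Policy hook for a password-change form: reject anything seen in a breach."""
    return breach_count(password, fetch_range) == 0


# Constructed "combo list" lines in the email:password form that circulate
# after a breach; used to find which of an organisation's accounts appear in it.
COMBO_LIST = """\
alice@example-corp.test:Summer2020!
bob@gmail.test:hunter2
Carol@Example-Corp.test:Password1
dave@example-corp.test:
mallory@other.test:letmein
"""


def accounts_in_dump(dump: str, domain: str) -> List[str]:
    """Return the normalised addresses under `domain` that appear in a dump
    with a non-empty password, so those users can be forced to reset."""
    hits = set()
    for line in dump.splitlines():
        email, sep, password = line.partition(":")
        if not sep or not password:
            continue  # malformed line or no password leaked for this address
        email = email.strip().lower()
        if email.endswith("@" + domain.lower()):
            hits.add(email)
    return sorted(hits)


if __name__ == "__main__":
    print("password seen", breach_count("password"), "times")
    print("accept 'Password1'?", accept_new_password("Password1"))
    print("accounts to reset:", accounts_in_dump(COMBO_LIST, "example-corp.test"))
```

To run this against the real service, replace `simulated_range_server` with a function that performs an HTTPS GET of `https://api.pwnedpasswords.com/range/<prefix>` (sending the `Add-Padding: true` header so the response size does not leak how many matches the prefix has); the padding lines carry a count of 0 and are handled by the same parsing code. Case-insensitive domain matching matters because dumps mix the capitalisation users typed at sign-up.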
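The last point above, monitoring for the signature of credential stuffing, is shown below as an added example that is not part of the original article or of any EDR product. The log format (timestamp, result, user, source IP on one line) and the log lines themselves are constructed for the example; the detection logic is the general one: a source that fails against many distinct accounts inside a short window is replaying breached email:password pairs rather than mistyping one password, and any success from that source inside the window is a likely account takeover.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List

# Constructed authentication log lines in a hypothetical one-line format.
# 203.0.113.7 walks across six accounts in a few seconds and gets one right;
# 198.51.100.4 is a user fumbling their own password; 192.0.2.9 is noise.
AUTH_LOG = """\
2024-03-01T09:15:02Z result=fail user=alice@example-corp.test src=203.0.113.7
2024-03-01T09:15:03Z result=fail user=bob@example-corp.test src=203.0.113.7
2024-03-01T09:15:03Z result=fail user=carol@example-corp.test src=203.0.113.7
2024-03-01T09:15:04Z result=fail user=dave@example-corp.test src=203.0.113.7
2024-03-01T09:15:05Z result=fail user=erin@example-corp.test src=203.0.113.7
2024-03-01T09:15:06Z result=success user=frank@example-corp.test src=203.0.113.7
2024-03-01T09:20:11Z result=fail user=alice@example-corp.test src=198.51.100.4
2024-03-01T09:20:40Z result=success user=alice@example-corp.test src=198.51.100.4
2024-03-01T11:02:00Z result=fail user=grace@example-corp.test src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log: str) -> List[dict]:
    """Turn log text into event dicts; malformed lines are skipped rather
    than allowed to crash the detector."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_credential_stuffing(log: str,
                               window: timedelta = timedelta(minutes=5),
                               min_distinct_users: int = 5) -> List[dict]:
    """Flag each source IP that fails against >= min_distinct_users distinct
    accounts within `window`, and list the accounts it then logged into
    successfully inside that window (candidates for immediate lockout)."""
    events = sorted(parse(log), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "fail"]
        # Slide a window anchored on each failure; one alert per source.
        for i, first in enumerate(fails):
            end = first["ts"] + window
            users = {e["user"] for e in fails[i:] if e["ts"] <= end}
            if len(users) >= min_distinct_users:
                compromised = sorted({
                    e["user"] for e in evs
                    if e["result"] == "success" and first["ts"] <= e["ts"] <= end
                })
                alerts.append({
                    "src": src,
                    "start": first["ts"],
                    "distinct_users": len(users),
                    "compromised": compromised,
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_stuffing(AUTH_LOG):
        print(f"{alert['src']}: {alert['distinct_users']} accounts tried from "
              f"{alert['start']:%H:%M:%S}; compromised={alert['compromised']}")
```

The thresholds are deliberately parameters: a public login page sees far more legitimate failures than an internal VPN, so tune `window` and `min_distinct_users` to your own baseline, and treat the `compromised` list as the accounts to reset and review first. Keying on distinct users rather than raw failure count is what separates stuffing from a single user retrying their own password.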

 

If you want to minimise your risk, or would like to know more about implementing the practices above, speak to a consultant at EquiTech Group.

 




 
