CIOs go to great lengths to ensure only authorized users access the network and then gain access only to the resources assigned to them. Apart from the myriad reasons, this is best practices, allowing only authorized users access keeps bad actors away from sensitive resources and information. With the rising difficulties to breach the perimeter, attackers have a much easier way in – compromised credentials. These stolen username/password combinations are not that difficult to obtain. From credential dumps for sale of the dark web to phishing scams and key loggers, chances are that more than one employee in your company has their credentials posted for sale.
Now that bad actors have your employees’ credentials, they can use them to remotely access the network, target certain employees in spear-phishing attacks, and introduce malware into the network via email.
Once the attack is inside your network it is much harder to detect and contain. Therefore, knowing which credentials have been compromised and when, is key in protecting your network. The simple knowledge about compromised accounts can mean the difference between taking decisive action and protecting your network, and obliviously falling victim to a cyberattack.
Acquiring real-time threat intelligence gives you, among other benefits, information on accounts of compromised credentials belonging to your users. Threat Intelligence offers you an outside perspective of your company. Essentially, how an attacker sees your company and what they can use to attack it.
Obviously, knowledge alone is not enough, and immediate steps should be taken as soon as we find indications of leveraging elements an attacker can use against your company.
Among these preventive steps are:
Immediately reset the user’s password
Inform the user not to their corporate credentials for private purposes such as social media
Brief the user on the breach and the credentials that were found and if their personal information has been compromised. Also, let them know they should be more vigilant against phishing attempts.
Monitor the compromised accounts more closely.
In extreme cases consider changing account name.
In conclusion, knowledge and action are the best tools your company has in preventing cyberattacks.
CIOs should act beyond "perimeter security" and extend their reach and perspective to better protect their network and their company.