While dark web scans and strong password set ups are recommended protocols, some experts suggest a passwordless authentication as a safe bet
Apart from ransomware attacks that allow cybercriminals to illegally earn money, over $3000 worth of stolen corporate credentials also end up on the dark web for sale. Experts reckon that financial loss is not the only unfortunate outcome for such compromised enterprises, stolen credentials can include tarnished brand reputation, increase in insurance premiums, and loss of intellectual property.
In 2020, there was over a 429 percent increase in corporate login details. It is estimated that an average company might have 17 sets of credentials on the dark web for cybercriminals. SpyCloud’s 2021 Report: Breach Exposure of the Fortune 1000 also reported around 26 million Fortune 1000 business accounts and over 500 million employee credentials to have sprouted on the dark web. Such advanced and persistent threats to a single employee’s credentials can spread laterally across the network and cause irreparable damage to the company. Experts recommend some cybersecurity strategies for the security of corporate credentials.
Around 29 percent of stolen passwords are weak. Cybersecurity experts have always warned enterprises to use strong and unique passwords across accounts and systems. Yet, LastPass by LogMeIn in the results of their 3rd Annual Global Password Security Report, study, reveals that an employee uses the same password 13 times. It is recommended for enterprises to provide password manager access to their employees. The experts reckon this approach might reduce the possibility of employees reusing the same password across applications. Additionally, Microsoft research reveals that it is possible to block account takeover attacks with MFA.
Educating employees is imperative, and it has to be more than repetitive lectures. A safety awareness training program can teach them about the benefits of using a VPN and discourage them from the dangers of oversharing information online.
A dark web scan is another recommended protocol to safeguard corporate credentials. While there are several vendors and tools that can run dark web monitoring, it is crucial to not just scan the web once. Continuous monitoring through a long-term investment in dark web monitoring software can potentially keep the company and its components safe from falling into the cyber black market. An additional element to this strategy would be to set up dark web alerts. It might give the company enough time to take action before hackers obtain full credential details with malicious intent.
Other cybersecurity experts reckon passwords should be eliminated altogether. An Okta survey also revealed that over 50 percent of users are annoyed with the continuous manipulation of the password system. With over 80 percent of breaches caused by compromised credentials, businesses should turn to passwordless authentication. With little need for remembering code words to log into an application or network, there might be fewer chances for hackers to breach.
LastPass by LogMeIn’s new report “From Passwords to Passwordless reveals that 92 percent of companies agree with passwordless authentication being the most sought-after security system in the near future. Instead, an identity-based security system with a possession factor like hardware token or an inherent factor like a fingerprint can strengthen the enterprise’s security against the dark web menace and enhance user experience simultaneously.
For more such updates follow us on Google News ITsecuritywire News.