June 05, 2020//Ellen Neveux
We first wrote this blog in 2017, when we discussed the 2017 Verizon Data Breach Report, which cited that 81% of hacking-related breaches leveraged stolen and/or weak passwords. Today, with the 2019 results, things are pretty much the same: 80% of hacking-related breaches are still tied to passwords.
Since the 2017 report (which showed an increase from 63% in 2016 to 81% in 2017), news headlines of breaches involving compromised credentials have supported these findings, so this report doesn’t shed new light on the issue. However, it should serve as a warning because the trend has stayed stagnant. Enterprises must take note that how network credentials are managed directly reflects overall security. Whether it’s internal employees or third-party vendors that need access, comprehensive authentication and access control should always be in place.
Passwords, and especially passwords with privileged access, are a target for hackers since they’re able to get so much information from just a single password. Not only is this an easy way for hackers to get into one account, but if your administrator doesn’t use unique passwords across different platforms (both professionally and personally), then there is a whole wealth of information that is available to take. So, what can we do to combat this (besides changing our passwords frequently, having unique passwords, and not sharing our passwords with anyone)?
Unsurprisingly, privileged credentials open a lot of doors. However, not all companies differentiate the access they give to admins, employees, and third-party vendor reps that need to support their applications.
If mismanaged, these keys are very dangerous. In many organizations, these credentials permit access to all corners of the network. Neglecting the process of secure access management creates particular vulnerabilities in the case of vendors and former employees.
When managing third-party remote access, the only way to ensure a vendor doesn’t compromise your network credentials is to never give them out. Remote support solutions should hide your network credentials and provide single sign-on (SSO) for vendors. Without this, vendors could share or store privileged credentials insecurely. This feature also helps to prevent “leapfrogging”, or the process of a technician launching additional connections from within the initial target host. If the technician is never aware of their password, they are prevented from trying to log into other systems with the same account.
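One way to check for the leapfrogging described above, as an added example that is not part of the original post or of any vendor product: it flags connections launched from a vendor's target host, while the support session is open, to hosts the vendor was not approved for. The session records, connection log, field names and host names are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: one approved vendor session and observed connections.
VENDOR_SESSIONS = [
    {"vendor": "acme-support", "target": "app01",
     "start": "2020-06-01T09:00:00", "end": "2020-06-01T10:00:00",
     "allowed_hosts": {"app01"}},
]
CONNECTIONS = [
    {"time": "2020-06-01T09:05:00", "src": "gateway", "dst": "app01", "account": "svc_app"},
    {"time": "2020-06-01T09:20:00", "src": "app01", "dst": "db01", "account": "svc_app"},
    {"time": "2020-06-01T11:30:00", "src": "app01", "dst": "db01", "account": "svc_app"},
    {"time": "2020-06-01T09:40:00", "src": "hr02", "dst": "db01", "account": "jsmith"},
]


def _ts(value):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(value)


def find_leapfrogs(sessions, connections):
    """Return connections that start on a vendor's target host during the
    session window and reach a host outside the vendor's approved set."""
    findings = []
    for conn in connections:
        when = _ts(conn["time"])
        for s in sessions:
            in_window = _ts(s["start"]) <= when <= _ts(s["end"])
            if (in_window and conn["src"] == s["target"]
                    and conn["dst"] not in s["allowed_hosts"]):
                findings.append({"vendor": s["vendor"], "from": conn["src"],
                                 "to": conn["dst"], "time": conn["time"],
                                 "account": conn["account"]})
    return findings


if __name__ == "__main__":
    for finding in find_leapfrogs(VENDOR_SESSIONS, CONNECTIONS):
        print(finding)
```

Hosts that routinely talk to each other will also match during a session window, so a baseline of normal traffic or a filter on the injected account is needed to keep false positives down.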
One common way for hackers to get to these credentials is phishing. According to a Symantec Internet Security Threat Report, 71% of successful targeted attacks involved a spear-phishing attack. And due to that success, attackers seem to focus more on refined, targeted attacks (i.e. spear phishing) than on mass-broadcast general attacks.
With attackers more likely than ever to establish a foothold on your network via phishing, defenders will want to strengthen their endpoint defenses to knock down malware when it tries to infect a machine off a click, and also to secure higher-privilege credentials with technologies.
Sharing passwords among colleagues, whether on purpose or by accident, can inadvertently lead to your credentials getting into the wrong hands. Sure, you might trust your coworker to access important accounts, but that doesn’t mean the password is safe.
The deeper issue with password habits is that far too many users continue to rely on outdated practices that place their security at risk (e.g. writing down a password on a sticky note, or using easily guessed passwords). Keep in mind that many people do not assume responsibility for having a weak or crackable password. One of the most alarming aspects is that many people aren’t even aware of how risky their password behaviors are, or if they are, they accept the risks and simply take the easier, less secure route.
Here are some password best practices for you to implement if you haven’t already:
Privileged credentials tend to open a lot of doors that shouldn’t be open to most people, especially not external entities like vendors. If these credentials are mismanaged, stolen, or abused, these keys are very dangerous. In many organizations, these credentials permit access to all corners of the network. Neglecting the process of secure access management creates particular vulnerabilities in the case of vendors and former employees – an issue to which many organizations should pay close attention.
If you want to reduce the risks associated with privileged credentials, start by taking back the keys to your network. Vendors can’t compromise credentials they don’t have. Ensure that both internal and external people who have access to your network abide by the password rules you have set, usually in adherence to different compliance standards or internal rules (e.g. resetting passwords every 90 days, not repeating the same password, and including characters other than letters).
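The three example rules above can be enforced at password-change time. The following is an added sketch, not code from the original post: function names, the PBKDF2 work factor and the sample passwords are assumptions made for illustration. Password history is kept as salted hashes, so the reuse check never needs stored plaintext.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)   # rotation interval named in the text
PBKDF2_ROUNDS = 100_000        # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(candidate, history):
    """history is a list of (salt, digest) pairs for earlier passwords."""
    for salt, digest in history:
        _, attempt = hash_password(candidate, salt)
        if hmac.compare_digest(attempt, digest):  # constant-time comparison
            return True
    return False


def check_password_change(candidate, history):
    """Return the list of rules the candidate password breaks."""
    problems = []
    if not any(not ch.isalpha() for ch in candidate):
        problems.append("letters only")
    if is_reused(candidate, history):
        problems.append("reused")
    return problems


def is_expired(last_changed, today):
    """True when the password is older than the 90-day rotation interval."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed sample history and candidates.
    history = [hash_password("Spring2020!"), hash_password("Winter2019!")]
    for pw in ("Spring2020!", "onlyletters", "Summer2020?"):
        print(pw, check_password_change(pw, history))
    print("expired:", is_expired(date(2020, 1, 1), date(2020, 6, 5)))
```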
To learn more about how to protect yourself, even when allowing vendors onto your network, from data breaches tied to compromised credentials, download our vendor privileged access checklist that highlights exactly how you can ensure your vendors aren’t compromising your security.