Saturday, December 9, 2023

Important Considerations for Security Administrators to Guard Against Compromised Credentials

There’s hardly a day that goes by that you don’t hear about an organization who has suffered a security breach, compromised credentials, and an attacker has accessed their sensitive information.

Targeted attacks are becoming more frequent, and more successful, and this poses a serious challenge for security administrators everywhere.

With 81% of breaches leveraging either stolen or weak passwords, compromised credentials are key for an attacker. They are the means by which a malicious insider or external attack gains access to do harm.

But for a security administrator, it can be a daunting task trying to identify suspicious or malicious activity when the adversary has valid and authorized credentials.

Are Your Users to blame for Failing Security

Attackers love exploiting the naivety of employees because it’s so easy. All it takes is one successful phishing email to persuade just one employee to hand over their corporate login details.

Then a hacker effectively has a company key to a safe house of valuable information. And once that hacker gains entry to your systems, you’re not going to find out until it’s too late — your anti-virus and perimeter systems aren’t programmed to pick up on access using legitimate login details, giving snoopers all the time in the world to, well, snoop.

While employees remain the biggest threat to a company’s security, blaming employees who have inadvertently been the victim of a phishing attack, is never the right route to take.

Educating users, whilst useful, is not enough to prevent a breach. We all know sharing passwords is a bad idea. But how many people would ignore this and fold under the pressure of their boss asking?

When it comes to wanting to guard against the threat of compromised credentials, our research into the access security priorities of 500 IT Security Managers highlighted the biggest barriers IT managers face.

It showed multi-factor authentication (MFA) solutions are not widely adopted and most likely because they impede end-users with additional security steps that prove costly, complex and time-consuming for the IT department to set up and manage.

Whilst it is often end-user security behavior that allows these credentials to be stolen, rather than blaming your users for being human (flawed, careless and often exploited), there is another option for IT managers to consider.

Contextual security with Compromised Credentials

Contextual security can be personalized easily to each employee to protect all users’authenticated logins.

It sets rules as to what constitutes normal login behavior (machine, device, location, time, session type, number of simultaneous connections etc.).

Any attempt that falls outside of these rules can either be denied automatically or alerts sent to administrators who can investigate and respond immediately.

These controls make compromised employee logins useless to attackers. It out-rightly restricts users from certain careless behavior such as password sharing or leaving shared workstations unlocked.

It also ensures access and actions are attributed to a single individual. This accountability discourages many malicious actions.

Contextual security for Windows systems

For Windows systems, UserLock is such as a solution that offers context-aware login rules, real-time monitoring and risk detection tools.

It works alongside Active Directory to guard against compromised logins, extending security, not replacing it.

Transparent to the end user, UserLockensures employees remain productive and are not continually interrupted with additional security steps.

In addition as an alternative for MFA, it also works well alongside MFA. UserLock acts a protection for all users whilst MFA can also be deployed for more privileged or ‘risky’ users.


Latest articles

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles