Inside Threats Via Compromised Credentials

August 28, 2016

In the recent SC Magazine Survey, commissioned by SecureAuth, 62% of respondents say they are most concerned about insiders compromising the corporate network, whether that is intentional or unintentional. Following employees, the next group of most concern is suppliers and partners. We have seen this as a real threat in past data breaches such as the Office of Personnel Management (OPM) where a partner’s credentials were hacked and then attackers used those credentials to move into the OPM’s network. These statistics lead to the conclusion that CISO’s are more concerned with who is already in their network, and preventing attackers or employees from getting proprietary data off their network rather than focusing on keeping intruders out. 

One of the main reasons that internal attacks may seem soSocial-Image-Typing.jpg high is because employee credentials are being stolen by attackers who then use those credentials to get a foothold in the network, making it appear as an internal threat. Even if the user changes their password, attackers use keylogger software to record every keystroke to capture  the new password, making it so the attacker doesn’t even miss a beat. Therefore, an organization needs to use more than just the passwords as their access control system. By adding Two-Factor Authentication, the organization can limit the usefulness of stolen passwords, since the attacker won’t be able to get back in without the added second factor information. 

In addition, Adaptive Authentication verifies a user’s identity, and limits the use of stolen credentials. Comparing information about the user’s established norms via device fingerprinting, geo-location, IP address, etc. an organization can identify an attacker using legitimate credentials and either challenge them by asking for a second factor of identification or lock them out completely.
 
To learn more about Adaptive and Two-Factor Authentication visit our website

  • SecureAuth

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!