There’s hardly a day that goes by that you don’t hear about an organization who has suffered a security breach, compromised credentials, and an attacker has accessed their sensitive information.
Targeted attacks are becoming more frequent, and more successful, and this poses a serious challenge for security administrators everywhere.
With 81% of breaches leveraging either stolen or weak passwords, compromised credentials are key for an attacker. They are the means by which a malicious insider or external attack gains access to do harm.
But for a security administrator, it can be a daunting task trying to identify suspicious or malicious activity when the adversary has valid and authorized credentials.
Are Your Users to blame for Failing Security
Attackers love exploiting the naivety of employees because it’s so easy. All it takes is one successful phishing email to persuade just one employee to hand over their corporate login details.
Then a hacker effectively has a company key to a safe house of valuable information. And once that hacker gains entry to your systems, you’re not going to find out until it’s too late — your anti-virus and perimeter systems aren’t programmed to pick up on access using legitimate login details, giving snoopers all the time in the world to, well, snoop.
While employees remain the biggest threat to a company’s security, blaming employees who have inadvertently been the victim of a phishing attack, is never the right route to take.
Educating users, whilst useful, is not enough to prevent a breach. We all know sharing passwords is a bad idea. But how many people would ignore this and fold under the pressure of their boss asking?
When it comes to wanting to guard against the threat of compromised credentials, our research into the access security priorities of 500 IT Security Managers highlighted the biggest barriers IT managers face.
It showed multi-factor authentication (MFA) solutions are not widely adopted and most likely because they impede end-users with additional security steps that prove costly, complex and time-consuming for the IT department to set up and manage.
Whilst it is often end-user security behavior that allows these credentials to be stolen, rather than blaming your users for being human (flawed, careless and often exploited), there is another option for IT managers to consider.
Contextual security with Compromised Credentials
Contextual security can be personalized easily to each employee to protect all users’authenticated logins.
It sets rules as to what constitutes normal login behavior (machine, device, location, time, session type, number of simultaneous connections etc.).
Any attempt that falls outside of these rules can either be denied automatically or alerts sent to administrators who can investigate and respond immediately.
These controls make compromised employee logins useless to attackers. It out-rightly restricts users from certain careless behavior such as password sharing or leaving shared workstations unlocked.
It also ensures access and actions are attributed to a single individual. This accountability discourages many malicious actions.
Contextual security for Windows systems
For Windows systems, UserLock is such as a solution that offers context-aware login rules, real-time monitoring and risk detection tools.
It works alongside Active Directory to guard against compromised logins, extending security, not replacing it.