It is common for people to believe cybersecurity events are caused by expert hackers performing a direct attack on a company and using specialized tools to gain unauthorized access to a network. However, a large majority of attacks rely on low-effort strategies and use stolen but valid credentials, which allow bad actors to access a company’s network easily and without being detected. These credentials are often stolen through phishing campaigns or bought off the dark web after a data breach, but SMBs can take steps to render stolen credentials useless and prevent attacks from happening. In this article, we want to talk about some of the most common ways hackers gather and use valid credentials for attacks.
Former Employee Credentials
If a company does not regularly deactivate old employee accounts or remove access privileges associated with old employee accounts, then hackers can use them to stage attacks. A malicious actor can gain access to the defunct account by guessing the password using clues from other data breaches associated with that account and then log in with a set of valid credentials. Once access to the account has been established, hackers can then steal data or begin to launch additional attacks that execute code on the network or escalate the account’s privileges. Cleaning up old accounts is a priority because IT staff may not monitor older accounts closely enough to catch suspicious activity early.
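The cleanup described above can be run as a recurring audit. The sketch below is an added example, not part of the original article: it compares a directory export against the current HR roster and flags enabled accounts that belong to nobody on the roster or that have gone unused. The CSV columns, the sample rows, the roster and the 90-day idle threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data (not real accounts): a directory export and an HR roster.
DIRECTORY_CSV = """username,enabled,last_login,groups
alice,true,2024-05-28,staff
bob,true,2023-11-02,staff;vpn-users
carol,false,2023-08-15,staff
dave,true,2024-01-10,staff;domain-admins
erin,true,,staff
"""
HR_ACTIVE = {"alice", "dave", "erin"}  # usernames HR lists as current employees


def audit_accounts(directory_csv, hr_active, today, max_idle_days=90):
    """Return (username, reason) findings for enabled accounts that need review."""
    findings = []
    cutoff = today - timedelta(days=max_idle_days)
    for row in csv.DictReader(io.StringIO(directory_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # already deactivated, nothing to log in with
        user = row["username"]
        if user not in hr_active:
            # Former employee whose login still works: highest priority.
            findings.append((user, f"not on HR roster (groups: {row['groups']})"))
        elif not row["last_login"]:
            # Provisioned but never used; may still carry its initial password.
            findings.append((user, "enabled but never logged in"))
        elif date.fromisoformat(row["last_login"]) < cutoff:
            findings.append((user, f"no login in over {max_idle_days} days"))
    return findings


if __name__ == "__main__":
    for user, reason in audit_accounts(DIRECTORY_CSV, HR_ACTIVE, date(2024, 6, 1)):
        print(f"{user}: {reason}")
```

Listing the group memberships next to each former-employee finding shows which access privileges have to be removed along with the account.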
Sometimes employees don’t maintain a high standard for their passwords, and this poor password hygiene can lead to malicious actors gaining access to a company’s network without much effort. If default passwords are left on accounts or other services, hackers will gain access quickly because they will sometimes attempt default passwords before resorting to other password cracking methods. Easy-to-guess passwords, such as ‘password’, can also lead to malicious account access because hackers can attempt to log into known email accounts using generic passwords in the hope of taking advantage of someone’s poor password hygiene.
Dark Web Leaks
As employees sign up for services and accounts using their work email, it’s possible that those passwords or pieces of personal information are leaked onto the dark web by a data breach at that third-party company. Malicious actors can then use the leaked information to gain access to their work account’s password or have the information needed to guess it in a short amount of time. This means an employee’s account can become compromised without anyone realizing it until it’s too late. To protect against this attack strategy, SMBs should encourage strong password hygiene and have employees regularly change their passwords to something new and unique.
Unlike in the movies, cyberattacks often happen in mundane ways that are easily preventable with the right due diligence. SMBs should remember to shut down former employee accounts, change default credentials regularly, avoid generic passwords, and encourage the regular renewal of passwords for important user accounts. To take your cybersecurity one step further, you can also work with an IT consultant like Robinett Consulting to implement security solutions, such as multifactor authentication and endpoint protection, to better prevent cybersecurity events, no matter how bad actors gain access to your network!