The average number of breached data records, including credentials, per U.S.-based company is an astounding number: 28,500.
For cyberattackers, breached credentials, such as usernames and passwords, represent the keys to the kingdom. Cyberattackers who are trained in penetrating a company’s defenses easily can steal hundreds, or even thousands, of credentials at a time. The average price range for an individual’s compromised credential? One to eight dollars—per individual. This means that a criminal who has access to stolen credentials often sells them in huge quantities, making tens of thousands of dollars in the process. In many cases, criminals sell credentials to multiple buyers, meaning that organizations that experience breaches are often under digital assault from dozens, or even hundreds, of attackers.
These transactions all take place in a mysterious place called the Dark Web, an ecosystem of digital communities that sits below the commercial internet. Regular browsers cannot access Dark Web websites, which end in .onion instead of the surface web’s more common .com, .org, or .gov.
While there are legitimate purposes for the Dark Web, it is estimated that more than 50 percent of all such sites are used for criminal activities, with the most common of those being the disclosure and sale of digital credentials that are used to log into consumer sites, e.g., email services, travel sites, banking, and social media. Even more unsettling is that even if a mission-critical communications agency’s staff members are not accessing these third-party consumer websites from the agency’s network while they are in the workplace, it is likely that they are using the same credentials to access their workplace’s critical business applications.
Passwords represent a 20th-century solution to a modern-day problem. It is estimated that 39 percent of adults in the U.S. use the same or very similar passwords for multiple online services, corporate and consumer.
There are four common ways in which cybercriminals compromise credentials to launch a cyberattack:
Once attackers get their hands on compromised credentials, they can launch cyberattacks, such as:
While there is always a risk that attackers will compromise a company’s systems through advanced attacks, most data breaches exploit common vectors, such as known vulnerabilities, unpatched systems, and unaware employees.
Agencies should implement proactive cybersecurity tools, e.g., network, system and device monitoring, data leak prevention, multifactor authentication, and employee security awareness training, to protect their organizations from the perils of the Dark Web.
Mission Critical Partners offers a complimentary Dark Web Compromise Report to mission-critical communications agencies that identifies the number of credentials that already have been exposed in your organization, and which present a major risk to your organization’s services, such as Office 365, payroll, virtual private networks (VPN), remote desktops, and other systems, including your computer-aided dispatch (CAD) and call-handling systems and more.
Request one at no cost here and one of our cybersecurity experts will be in touch.