As explained earlier in our post on prevention, a cyber attacker goes through several steps to enter a device or a network and manipulate or exfiltrate data from it. That sequence of actions is described in the cyber kill chain. In the first stage, the hacker tries to break into a system via phishing emails (intrusion stage), and then looks for vulnerabilities to exploit inside your system. While vulnerabilities in software, firewalls, etc. used to be the main entry point for cybercriminals, identity fraud or theft is now definitely one of the most popular ways of penetrating a network or device.
50 – and many more – ways to steal your identity
Cyberattackers figured out that compromising an end user’s identity and credentials is an easy way for them to gain access to sensitive data. So, increasingly, they try to force their entry by credential harvesting: stealing a password or other login data. Credential harvesting comes in many different flavours: from phishing emails that contain links to malicious websites and malware to digital scammers.
"81% of breaches leverage either stolen, default, or weak credentials."
Verizon 2023 Data Breach Investigation Report.
If they fail to lay their hands on your credentials, they can attempt brute force attacks, which are based on trial and error: they try numerous different combinations of passwords until one finally works, just like a thief who tries to crack the code of a safe… Once they manage to enter via one password, they can move laterally from one system to another to gain access to more – often more privileged – accounts, sensitive data or critical systems.
Outsmarting identity thieves
There is a series of simple precautions you can build into your standard operating routines to prevent identity fraud or theft, starting with safe password management and two-factor authentication. The Conditional Access feature in Microsoft Defender 365 ensures more advanced protection. Thanks to the dashboard functionality, your IT, security or compliance team gets insights on all the breaches that occur – ready to act if needed.
- Password safety
Avoid using bad passwords or reusing passwords and block legacy authentication.
- Multi-factor authentication (MFA)
Setting up multi-factor authentication is a powerful step to boost security. With MFA, knowing or cracking a password won’t be enough for the cyberattacker to gain access. This extra barrier and layer of security makes it difficult for hackers: MFA can block over 99.9% of account compromise attacks.
- Conditional Access in Microsoft Defender
Your Microsoft 365 E5 Security Plan includes, as standard, Conditional Access policies. Conditional Access policies are if-then statements: when this happens, then do this. For example, if someone from an unfamiliar location wants to access your network, they will be blocked. Microsoft provides some already configured policies (Baseline policies), yet you can also create your own ‘custom’ Conditional Access policies.
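The if-then structure described above, written as two custom policy definitions for the Microsoft Graph PowerShell module: one blocks legacy authentication, the other blocks sign-ins from outside your trusted named locations. This is an added example, not part of the original post; the display names and the emergency-account placeholder are assumptions, and both policies are created in report-only mode so their effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed
# and the signed-in admin can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of an emergency-access account that stays outside
# blocking policies so a misconfiguration cannot lock every admin out.
$breakGlassId = '<emergency-access-account-object-id>'

# IF the sign-in uses a legacy protocol (no MFA support) THEN block.
$blockLegacyAuth = @{
    displayName   = 'Example - block legacy authentication'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('exchangeActiveSync', 'other')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# IF the sign-in comes from any location that is not a trusted named location THEN block.
$blockUntrustedLocations = @{
    displayName   = 'Example - block sign-ins outside trusted locations'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{ includeLocations = @('All'); excludeLocations = @('AllTrusted') }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Create both policies and show what was stored.
foreach ($policy in $blockLegacyAuth, $blockUntrustedLocations) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object Id, DisplayName, State
}
```

Switching `state` to `enabled` enforces a policy; the second policy only makes sense once your office and VPN ranges are defined as trusted named locations.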
Keep in mind: don’t forget about employee awareness
Here too, never underestimate the impact of your employees. Let them know that they have to remain vigilant and build precautions into their standard operating routines. Give them password tips (what’s a good password, never reuse your password, …) and highlight that no credible supplier, bank or website would ask for their password over e-mail.
Preventing data breaches
A combination of the right precautions and advanced technology will help you outsmart cybercriminals and keep them out of your system. Yet, what do you do if they do get in? How do you protect your data from being stolen or tampered with? We’ll explain all about that third step in our next blog posts on security in the digital workplace.