As explained earlier in our post on prevention, a cyber attacker goes through several steps to enter a device or a network and manipulate or exfiltrate data from it. That sequence of actions is described in the cyber kill chain. In the first stage (the intrusion stage), the hacker tries to break into a system via phishing emails, and then looks for vulnerabilities to exploit inside your system. While vulnerabilities in software, firewalls, etc. used to be the main entry point for cybercriminals, identity fraud or theft is now definitely one of the most popular ways of penetrating a network or device.
Cyberattackers have figured out that compromising an end user’s identity and credentials is an easy way for them to gain access to sensitive data. So, increasingly, they try to force their entry by credential harvesting: stealing a password or other login data. Credential harvesting comes in many different flavours: from phishing emails that contain links to malicious websites and malware to digital scammers.
"81% of breaches leverage either stolen, default, or weak credentials."
Verizon 2023 Data Breach Investigation Report.
If they fail to lay their hands on your credentials, they can attempt brute force attacks, which are based on trial and error: they try numerous different combinations of passwords until one finally works, just like a thief who tries to crack the code of a safe… Once they manage to enter via one password, they can move laterally from one system to another to gain access to more – often more privileged – accounts, sensitive data or critical systems.
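The trial-and-error pattern described above (many failed guesses, then one that works) leaves a recognisable trace in sign-in logs. The Python below is an added example, not part of the original post, showing how a security team could flag it. The log format, the threshold of 5 failures and the 5-minute window are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, account, source IP, result.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 203.0.113.7 FAIL
2024-03-01T09:00:05 alice 203.0.113.7 FAIL
2024-03-01T09:00:09 alice 203.0.113.7 FAIL
2024-03-01T09:00:13 alice 203.0.113.7 FAIL
2024-03-01T09:00:17 alice 203.0.113.7 FAIL
2024-03-01T09:00:21 alice 203.0.113.7 FAIL
2024-03-01T09:00:40 alice 203.0.113.7 OK
2024-03-01T09:10:00 bob 198.51.100.4 FAIL
2024-03-01T09:10:20 bob 198.51.100.4 FAIL
2024-03-01T09:10:45 bob 198.51.100.4 OK
2024-03-01T10:00:00 carol 192.0.2.9 FAIL
2024-03-01T10:15:00 carol 192.0.2.9 FAIL
2024-03-01T10:30:00 carol 192.0.2.9 FAIL
2024-03-01T10:45:00 carol 192.0.2.9 FAIL
2024-03-01T11:00:00 carol 192.0.2.9 FAIL
"""

def parse(log):
    """Yield (timestamp, account, ip, result) tuples from the assumed format."""
    for line in log.strip().splitlines():
        ts, user, ip, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, result

def detect_bruteforce(log, threshold=5, window=timedelta(minutes=5)):
    """Flag accounts with >= threshold failures inside `window`, and any
    successful sign-in that follows such a burst (possible compromise)."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = []
    for ts, user, ip, result in sorted(parse(log)):
        fails = recent[user]
        while fails and ts - fails[0] > window:  # drop failures outside window
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) == threshold:          # alert once per burst
                alerts.append((user, ip, "bruteforce_suspected", ts))
        elif result == "OK":
            if len(fails) >= threshold:          # a guess finally worked
                alerts.append((user, ip, "success_after_bruteforce", ts))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

A `success_after_bruteforce` alert is the one to act on first: reset that account's password and review what it accessed afterwards, since this is the point from which lateral movement starts.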
There is a series of simple precautions you can build into your standard operating routines to prevent identity fraud or theft, starting with safe password management and two-factor authentication. The Conditional Access feature in Microsoft Defender 365 ensures more advanced protection. Thanks to the dashboard functionality, your IT, security or compliance team gets insight into all the breaches that occur – ready to act if needed.
Here too, never underestimate the impact of your employees. Let them know that they have to remain vigilant and build precautions into their standard operating routines. Give them password tips (what’s a good password, never reuse your password, …) and highlight that no credible supplier, bank or website would ask for their password over e-mail.
A combination of the right precautions and advanced technology will help you outsmart cybercriminals and keep them out of your system. Yet, what do you do if they do get in? How do you protect your data from being stolen or tampered with? We’ll explain all about that third step in our next blog posts on security in the digital workplace.