Latest Credential Data Breaches and What to Do to Not Get Compromised?

05/25/21

According to Verizon’s 2021 Data Breach Investigations Report, the median data breach costs companies over $21,000, with some running into the hundreds of thousands. The impact of data breaches has been further highlighted by recent high-profile credential data breaches.

However, the literature suggests that businesses are struggling to keep up with hackers. As many as 80% of breaches are detected by third parties. This shows the potential benefit of working with a trusted security-focused body to help fill the gaps in your security ecosystem.

If you learned that adversaries got hold of the data you are protecting, be it customer, proprietary, or other sensitive information, you should contact LIFARS immediately. When dealing with data breaches, time is of the essence and the initial 24 hours after the discovery are critical. LIFARS handles data breaches with military precision and ensures that the root cause is found and eliminated and that detailed forensics are performed to discover all compromised information.

Latest credential data breach incidents

Data breaches occur so frequently that it’s hard to keep up with the headlines. However, two recent incidents stand out for their sheer scale plus the fact that they affected two of the most popular social networks today.

On 3 April 2021, it became known that over 533 million Facebook accounts were leaked on a low-level hacking forum. The leaked information went as far as to reveal users’ phone numbers, which could be used for social engineering or to steal other account credentials.

Not even a week later, it was revealed that LinkedIn was also the subject of a credential breach in which over 500 million accounts were being put up for sale. Two million records were leaked simply as proof.

That means that in just two incidents, uncovered in the space of one week, over 1 billion user credentials were leaked. That alone shows the scale of the issue we are all dealing with, as businesses, consumers, and security professionals.

How to prevent your data being compromised

Phishing Education and Training

Surprisingly, good old phishing still tops the list of threat actions, increasing to 36% in the wake of the COVID-19 pandemic. This is in line with social engineering remaining one of the most used avenues to effect a data breach.

Although phishing might seem set in stone, attackers are still frequently updating and refining their techniques. This makes it harder for both individuals and security tools to detect phishing attempts and distinguish them from legitimate emails and other forms of contact.

Using paradigms like the Phish Scale will help ensure that you keep your phishing training up to date and relevant. You must also stay updated with the latest techniques of attackers and ways to detect phishing attempts.

Harden Credentials and Implement MFA

According to the same Verizon report, stealing credentials is the second-largest technique used in data breaches. In fact, compromised credentials played some role in as many as 61% of all data breaches.

While strong password practices are a start, they are simply not enough to stem the tide. Multi-factor authentication, on the other hand, is an extremely effective method to combat credential abuse. In fact, Alex Weinert of Microsoft has said that MFA can make accounts using their OS 99.9% more secure.

MFA is especially important in remote/hybrid working environments where users may use unsecured devices/networks to access work-related platforms. However, MFA is not bulletproof in itself, and MFA best practices should be maintained for best results.

Implementing single sign-on (SSO) can also help by discouraging bad practices, such as weak passwords and credential sharing.

Tighten Up Your Code

Miscellaneous errors were also highlighted as the third most prominent pattern found in data breaches. Attackers are continuously probing businesses for weaknesses or entry points into their systems or networks. Even a relatively new error introduced by an update or code change can quickly be identified and exploited.

Due to the complexity of programming languages and software, the potential errors are too numerous to mention. Often, they are not even associated with typical exploits, such as SQL injection or memory dumps. For example, one of India’s largest HIPAA breaches involved a programming error where duplicate documents were often sent to the wrong users.

Businesses need to have rigorous QA and testing procedures in place, not only for their own existing software but for third-party software as well, including any updates or code changes.

Conclusion

As you can see, human weaknesses still play a major role in the prevalence of data breaches. Through phishing attempts, credential hacking, and the like, 85% of data breaches involve some form of human error. That suggests that proper training and education, and instilling a sense of responsibility in all your stakeholders, are critical to managing the risk of a data breach.

Sources:

533 million Facebook users’ phone numbers and personal data have been leaked online

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Verizon 2021 Data Breach Investigations Report

© 2023 LIFARS, a SecurityScorecard company
