Why just about any cybersecurity incident gives nightmares to CXOs
MAJOR cybersecurity incidents give nightmares to CXOs, irrespective of who was attacked — and for good reason.
When a cyberattack is successful, organizations lose credentials to accounts of anywhere between a few hundred thousand to a couple of million customers.
Those stolen credentials are a big risk to any organization, however strong their cyberdefense because employees who are also users of a service that suffered a breach, seldom change their passwords after an incident.
This is a big reason why credentials are so valuable. They’re sold in batches on the dark web after an incident, with prices falling every day as users are expected to ‘smarten up’ — although many cybersecurity experts point out that most users don’t take precautions to protect themselves despite being informed that their account was affected.
The original Facebook / Cambridge Analytica scandal that was in the spotlight for almost all of last year exposed up to 87 million accounts.
This was followed by reports of data breaches in the travel industry, affecting companies such as Cathay Pacific, British Airways, and Marriott International. Customers, of course, included business travelers who might have used their company email to register their account — and perhaps the same password.
While these are just a few, the reality is that tens of major businesses have been breached in the past year and user credentials have been stolen. Many of these, despite having informed the users via email, still pose a big risk to organizations where passwords haven’t been changed as a result of the notification.
Does 2-factor authentication help? Sure, it makes it harder for hackers to breach an account and forces them to attempt to exploit the next set of credentials which might be simpler — but it’s not a foolproof plan.
When an account is valuable because it belongs to a company’s managing director or c-suite executive (which can be found with a quick search on LinkedIn or Google), for example, hackers take a great deal of interest in maneuvering their way into the account, past the extra layers of security, as those accounts tend to have access to a whole lot of data from a number of business applications.
Truth be told, it’s not that sophisticated cybersecurity applications and intelligent Identity and Access Management (IAM) solutions fail to safeguard against attacks that use stolen credential — but they do find it much harder.
The right way to safeguard the organization against the theft of credentials on other portals and web applications is to train employees about their risks and responsibilities of cybersecurity and explain to them that they should ideally be using separate credentials for accounts on the corporate network and probably change them every few weeks.
In an ideal case, this should be part of the company’s cybersecurity policy and employees should be trained and retrained on the policy’s recommendations every now and then to ensure they understand and are able to do their bit to protect the organization from all external threats.
After all, (cybersecurity) experts do believe that prevention is better than cure.