Do you think that using a remote desktop (RDP and or VPN) or M365, in these remote working times, is safe, just because you use complex and unique passwords that you change regularly?While to some extent you are correct in believing this, it does not in any way prevent your user accounts and their credentials from being compromised and offered for sale on the Dark Web.
First of all, what is the Dark Web, and who are the main players?
The Dark Web is a marketplace primarily used by cybercriminals.
Stolen files including identity and credit card information are offered for sale there. 15 billion identifications are said to be in circulation there.
Following a data breach, attackers will typically post or sell the information they've collected on the Dark Web.
Malicious buyers then use these stolen credentials to impersonate the owner in order to commit theft or other types of fraud. Since the vast majority of users reuse the same passwords across multiple sites, cybercriminals have access to them as well.
The same is true for corporate access, whether it is SaaS services, VPN access, or internal systems.
Your MSSP can provide you with the results of a recognition audit that identifies your information that is exposed online.
With the increasing number and sophistication of attacks, and the ability of adversaries to move sideways within infected networks, the credentials of a single employee may be enough to put an entire organization at risk.
And what's more, many times breaches are not detected until after it's discovered that the compromised sensitive information has been posted or is for sale on the Dark Web.
According to the Cost of a Data Breach 2020 report, the average time to identify and contain a data breach is 280 days or approximately 9 months.
Any data breach risks ending up on the Dark Web, as attackers can reap substantial gains, too often with impunity. This in turn feeds new attacks and new data breaches.
To strengthen your cybersecurity, you need to adopt the essential measures that Present can help you put in place.
According to Microsoft, the vast majority of account hijacking attacks can be blocked with multi-factor authentication (MFA). MFA adds an extra layer of protection, making it much more difficult for cybercriminals to log in as someone else.
You should use an app like Microsoft Authenticator for the second factor, rather than SMS.
Knowing that employee credentials have been compromised, it is essential to conduct training to educate employees about cyber threats and how to spot them to mitigate attacks. Present is a partner of Terranova.
Configuring SPF, DKIM, and DMARC for your domains makes it very difficult for a malicious actor to send emails masquerading as your organization.
Present has the expertise to effectively combat phishing and spamming for M365 and other messaging.
First, a Zero Trust approach requires multi-factor authentication of users, and therefore makes credential theft ineffective, or at the very least much more difficult.
But assuming the attacker passes the first test, since he is using an unauthorized device, through remote access, he will fail authentication and access will be denied.
In a traditional approach, having only basic user credentials would allow access.
A company's image is based in part on its ability to demonstrate that it is deploying the required measures and the means at its disposal to ensure the security of the data of its customers, partners and employees.
In this sense, IT risk is a major business risk that must be managed.
Hence the importance of protecting your data and preventing it at all costs from being exposed on the Dark Web.
The right use of technology addresses business challenges and drives business growth in all areas of an enterprise. We hope this blog will offer insight into developing strategies and tactics to enable you to identify those key drivers of growth and keep pace with and anticipate the rapid technology change of today.