
Cyberattacks will not stop, but their consequences can be prevented

Most companies are targeted. And for good reason: your data and credentials are incredibly valuable to fraudsters, especially at large companies.

Against this backdrop, credential theft has become the preferred attack vector for many hackers, as evidenced by both the recent breach of information systems at Dick’s Sporting Goods and the growing fallout from the National Public Data breach in April, which exposed the personal information of billions of people.

The reasons for this are relatively simple: Stolen credentials can grant direct access to internal systems, often without immediately raising alarms. With these credentials, attackers can move laterally within a network, exfiltrate data, or deploy ransomware with minimal resistance.

For cyber criminals, the appeal lies not only in immediate access, but also in the ability to remain undetected for longer periods of time and thus maximize the damage.

In the Dick’s Sporting Goods case, hackers used stolen credentials to gain access to sensitive customer data, resulting in a data breach that compromised millions of accounts. The National Public Data breach also highlighted the far-reaching consequences of stealing a single set of credentials, potentially exposing large amounts of personal information.

Even though cyber and data breaches are becoming almost inevitable, that doesn’t mean companies should sit back and accept intruders.

How companies can prevent disasters

In today’s digital landscape, large organizations remain attractive targets for cybercriminals. The combination of valuable data, complex systems and the possibility of significant ransom payments makes them particularly vulnerable.

By understanding attackers’ methods and implementing a layered security approach, organizations can take important steps to prevent a disruption from escalating into a disaster.

In interviews for the What’s Next in Payments series, executives told PYMNTS that a layered security strategy, also known as defense in depth, is critical to reducing risk at multiple levels. This approach means implementing multiple defenses across the entire corporate network.

If an attacker gains initial access using stolen credentials, the potential for escalation is significant. What begins as a minor disruption – such as a temporary data breach or unauthorized access – can quickly escalate into a catastrophe.

“You may not have realized it yet, but they’re going to hit you,” Garrett Laird, director of product management at Amount, told PYMNTS. “The scammers are idiots – and they like to hit you on holidays and weekends, at 2 a.m.”

Typically, the larger the organization, the more complex its IT infrastructure. This complexity can create security gaps and provide attackers with multiple entry points. Large companies often have extensive supply chains in which every link can be a potential vulnerability, and hackers often target these weaker links to gain access to the entire organization. Once inside the network, attackers can move laterally, gaining access to more sensitive systems and data. This movement often goes unnoticed, allowing the attacker to remain undetected.

Reduce the risk of initial access through stolen credentials

As long as there is valuable data to steal or systems to exploit, cybercriminals will continue to innovate and develop new methods to penetrate even the most secure networks. No organization, regardless of size or industry, can ever be completely immune to cyberattacks. While it may be impossible to prevent all breaches, organizations can and must take steps to minimize the damage and impact when they do occur.

It is critical to have a well-defined incident response plan. This plan should include clear steps to contain a breach, mitigate damage, and communicate with stakeholders. Regular exercises can help ensure the plan can be implemented effectively, even under pressure.

According to Dick’s filing with the U.S. Securities and Exchange Commission (SEC) regarding the recent cyberattack, “immediately after becoming aware of the incident, the Company activated its cybersecurity response plan and engaged its third-party cybersecurity experts to investigate, isolate and contain the threat.”

Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.

David Drossman, chief information security officer at The Clearing House, described it to PYMNTS as building a “maze of controls” to mitigate damage even if one layer fails.
