Criminals love stealing credentials, and too many people are handing them the keys to the kingdom. A recent study by Verizon showed that 91% of phishing attacks targeted the user’s credentials. Why? Because stealing your username and password is the easiest way to break in to your business data, your bank account and more.
We, as everyday people, make it even easier when we choose weak passwords or reuse the same passwords in multiple places. In fact, the study reported that 63% of confirmed data breaches involved weak, stolen or default passwords.
You’ve probably been told a hundred times to use a secure password. Many services even require long passwords or passwords with special characters. Many people are still ignoring the advice. As of 2016, 123456 was still the most common password. Other laughably crackable passwords on the list include qwerty, 111111 and, of course, password.
Another common method for choosing passwords is to use pet names, birthdays, favourite sports teams, etc. Nowadays, Facebook probably knows more about you than some of your family members. It’s not hard for a hacker to use Facebook to find out your favourite band and your mother’s maiden name.
Imagine if an employee’s personal credentials get hacked, but they’re using the same password for their work email. Suddenly, the hacker has a backdoor into your business.
Even with a strong password, you’re probably guilty of another password crime: recycling. 83% of Australians admit to using the same password for multiple online accounts. Once a criminal gets their hands on your credentials for one account, they’ll certainly try it on any of your other accounts they can find.
This is a big danger for businesses. Imagine if an employee’s personal credentials get hacked, but they’re using the same password for their work email. Suddenly, the hacker has a backdoor into your business. Once inside, they can sneak malware onto your network or try to penetrate deeper to get at your financial or employee records.
Reusing the same password for multiple accounts is like having the same key for your business, your house, your car and your bank account. Risky. Even worse, if it’s a weak password, it’s like making the key neon green and hiding it under your front doormat. No one would ever look there, right?
One big problem with stolen credentials is that many businesses don’t know when they’re stolen. According to the Verizon study, 93% of attacks took only minutes, but the organisation took weeks or more to discover the breach.
In that time, your stolen data can travel extremely far on what’s called the “dark web.” The dark web is a part of the Internet can only be accessed with special browsers and direct links, making users untraceable. Criminals and hackers exploit this anonymity to buy and sell thousands of stolen credentials every day.
One big problem with stolen credentials is that many businesses don’t know when they’re stolen.
In an experiment by cloud security company Bitglass, researchers tested how stolen data spreads on the dark web. They created a fake Google Drive account with fake financial data and other personal data. Then they leaked the Google Drive credentials and watched how hackers reacted.
The data immediately generated over 1,400 hits and 94% of the hackers also found the victim’s other accounts, including the fake bank account. It’s a powerful reminder of how fast information can spread online and of the danger of reusing passwords.
Again, most businesses don’t know if and when their credentials are stolen. But you don’t have to be in the dark anymore. Domain Digital can run a “Dark Web Penetration Report”and see if any of your company email addresses or passwords are on the Dark Web. We can then monitor the dark web and alert you when we detect any stolen information about your company. To book your “Dark Web Penetration Report”
Want to know more about how Domain Digital’s IT services in Perth could be of value to your business?