Nearly 80 per cent of hacking-related breaches leverage compromised credentials and neglecting the process of secure access management can create vulnerabilities in the case of vendors and former employees, according to a new report.
In many organizations, these credentials permit access to all corners of the network.
According to SecureLink, a third-party remote access platform, enterprises must take note that how network credentials are managed directly reflects overall security.
“Whether it’s internal employees or third-party vendors that need access, comprehensive authentication and access control should always be in place,” SecureLink said in a statement on Friday.
Passwords, and especially passwords with privileged access, are a target for hackers since they’re able to get so information from just one singular password.
“Not only is this an easy way for hackers to get into one account, but if your administrator doesn’t use unique passwords across different platforms (both professionally and personally), then there is a whole wealth of information that is available to take,” warned the report.
When managing third-party remote access, the only way to ensure a vendor doesn’t compromise your network credentials is to never give them out.
“Remote support solutions should hide your network credentials and provide single sign-on (SSO) for vendors. Without this, vendors could share or store privileged credentials insecurely,” suggested the report.
The feature also helps to prevent “leapfrogging”, or the process of a technician launching additional connections from within the initial target host.
If the technician is never aware of their password, they are prevented from trying to log into other systems with the same account.
One common way for hackers to get to these credentials is to use phishing.
According to a Symantec Internet Security Threat Report, 71 per cent of successful targeted attacks involved a spear-phishing attack.
“With attackers more likely than ever to be able to establish a foothold on your network via phishing methods, defenders will want to strengthen their endpoint defenses to knock down the malware when it tries to infect off a click and also secure higher privilege credentials with technologies,” said SecureLink.
Sharing passwords among colleagues, both on purpose and on accident, can inadvertently lead to your credentials getting into the wrong hands.
“The deeper issue of password habits is that far too many users continue to rely on outdated practices that place their security at risk (writing down a password on a sticky note, or using easily guessed passwords). Keep in mind many people do not assume responsibility for having a weak, or crackable password,” said the report.
One of the most alarming aspects is that many people aren’t even aware of how risky their password behaviours are, or if they are, they accept the risks and simply take the easier, less secure route.
“Create strong passwords. Implement two-factor or multi-factor authentication. If breached, all passwords must be reset. Merely suggesting this as a plan of action lets many consumers to just ignore it,” the report noted.
Never have the same password for all accounts/logins.
“So, if one of your passwords is stolen or misused, at least the access given to the bad actor is to one platform instead of all,” it added.