
Companies fear data breaches caused by compromised credentials

02 May 2016

Data breaches are being linked mostly to compromised credentials, a Cloud Security Alliance (CSA) report has found.

Surveyed security professionals indicated that compromised credentials are the most common cause of past data breaches, as well as the most likely cause of possible data breaches in future.

As for past data breaches, 17% of the survey’s respondents indicated that their company had reported at least one in the past. Of those, nearly a quarter (22%) were caused by compromised credentials, according to the respondents.

As for the risk of a future data breach, 65% of respondents rated the likelihood that their company would experience one due to compromised credentials as medium to high.

The most common perimeter security measure in organizations, according to the survey, is an antivirus solution (90%), followed by email spam filters and web application firewalls (both 82%).

Among access controls for end users, multi-factor authentication was reported as the most prevalent (72%), followed by single sign-on solutions for web and SaaS (55%) and for enterprise applications (53%).

“The survey confirmed the fact that credentials are often the point of failure of systems,” commented Peter Stančík, a security researcher at ESET.

“Even systems supposed to be secure can be often easily penetrated via misused credentials. Organizations often fail in their effort to let only authorized persons in and let them do only what they are allowed to do.”

According to Mr. Stančík, the problem with credentials is that many organizations still stick with passwords: “There are numerous issues with passwords. People tend to write them down on the back of the keyboards, share them across services or even with colleagues, tell them to anyone on any request.

“Simply, passwords no longer fit the purpose of securing access to systems and data.”

The fact that compromised credentials are the most feared cause of data breaches shows that access control is critical for security in organizations.

“Of technologies that can improve the level of security in organizations, two-factor authentication based on one-time passwords generated in users’ mobile devices stands out as relatively inexpensive, easy to deploy and seamless to use,” stated Mr. Stančík.
