informa
Slideshow

5 Tips for Triaging Risk from Exposed Credentials

Not all exposed usernames and passwords present a threat. Here's how to quickly identify the ones that do.
Validate Whether the Credentials Belong to Current Employees
Suppress New Alerts for the Same Credentials
Weed Out Duplicate Credential Data
Make Sure the Credentials Are Genuine
Implement Continuous Monitoring for Stolen/Leaked Credentials
1/5

With more than 15 billion exposed credentials currently available online, security teams need a formal process for quickly identifying the ones that might pose a threat to their organizations.

A study that Digital Shadows conducted earlier this year found that two-thirds of the credentials available on Dark and Clear Web markets are duplicates, and 80% of them are in cleartext format. Many are employee credentials that pose a significant risk to organizations in the hands of cybercriminals.

It's the security team's role to assess all of their exposed employee credentials to ascertain whether those credentials could enable attackers to take over accounts and gain access to internal systems, says Michael Marriott, manager of product marketing at Digital Shadows.

Security admins need to determine whether an exposed credential poses a risk to the business or whether it is no longer a threat because it is associated with a user who has left the organization, has expired, or another reason. Given that billions of credentials are exposed every year, this can be time-consuming, he says.

"This is a real challenge, and a practical solution requires a methodical approach that is less whack-a-mole," Marriott says. "Security teams spend a lot of time reassessing the same credential pair and wasting their time. If the security team has reset the password of a user who has had their credential breached, there is no need to do so every time that password resurfaces."

The following are five tips for triaging the risk associated with breached credentials.

 
Next slide
Recommended Reading: