The danger of compromised credentials from poor logon security
There are plenty of examples of how much damage one incident of unwanted access can do to a company’s reputation and/or financial bottom line.
Despite this, our research reveals that many organizations are still failing to protect against compromised network logins.
of organizations suffered a security breach as a result of compromised credentials
of organizations believe detecting possible compromised credentials is important
Compromised credentials are key to avoiding network breach detection. You’re not likely to detect someone from ‘inside’ or ‘outside’ the organization using stolen or shared credentials because your system believes that person on the network is who they say they are. The logon belongs to an authenticated user with authorized access!
The common causes of compromised logins
It’s first and foremost end user security behavior that endangers your network.
Phishing (user clicks on link and enters credentials)
Password sharing with colleagues
Social engineering (unknowingly handing over credentials to a malicious party, other than phishing)
Duplication (i.e. reuse of corporate credentials on third-party sites for ease)
Hacked database including user credentials
Users are human, they are flawed, and they are careless and often exploited. They will always act outside the boundaries of policy and sometimes common sense.
Security solutions must be there to protect employees from careless behavior but also protect the business from outsiders trying to gain access to the network by pretending to be employees.
A move away from MFA security controls that impede your employees
Most organizations use at least one method in addition to passwords to verify every user’s claimed identity and guard against compromised credentials.
Multi-factor authentication (MFA) is a method that combines two or more independent credentials known to the user and is designed to protect the network in the event that one of the credentials has been compromised.
MFA has been covered a lot in the media over the last few years so it might be surprising for IT managers to learn from our research that MFA figures were lower than expected.
What method does your company currently use to guard against compromised network credentials?
MFA solutions are not widely adopted, most likely because they impede end users with additional security steps that prove costly, complex and time-consuming for the IT department to set up and manage.
Our research shows that organizations are becoming more aware of the effect that complex security has on productivity, with 51% saying the day-to-day impact of security on employee productivity is increasing.
“The day-to-day impact of security on employee productivity is increasing”
Agree or strongly agree
Today’s digital workforce requires fast access to information to be competitive and effective, and thus demands less friction, reducing the value of preventative access controls that impede users, such as tokens.
Security procedures are there to aid and protect the organization as a whole, not hinder the productivity of its employees.
Avoid adding complex and costly solutions that only end up being disruptive to IT managers
When it comes to wanting to guard against the threat of compromised credentials, our research highlighted the biggest barriers IT managers face.
The top three are: complexity with existing IT infrastructure, time to manage and oversee and the cost of technology solutions.
Complexity with IT infrastructure
Time to manage and oversee
Cost of technology solutions
Security does not have to be frustrating. Focus on solutions that are adaptive to your existing IT infrastructure and easy to deploy across all users without the need for additional hardware or software such as tokens or individual installations across workstations.
Select a solution that leverages your existing investment and IT infrastructure and that can be installed seamlessly, without the need to go to each workstation to deploy it and without the need for complex or customized code. Most importantly, select one that is easy to manage.
Securing your network with contextual security
Striking the right balance between user productivity and user security is an understandable challenge, but with the right technologies and processes in place, the two aren’t mutually exclusive.
Most organizations do use at least one additional method to guard against compromised network credentials and are prioritizing methods like real-time monitoring of accounts, alerts for abnormal logon activity and contextual access restrictions.
What method(s) does your company currently use to guard against compromised network credentials?
Alerts on abnormal logon activity
Information security awareness and training
Privilege access and account management
Real-time monitoring of account logon activity
Contextual access restrictions to limit end users’ access
Your users will have already been assigned logins, but you won’t know if abnormal behavior is happening if you don’t monitor these sessions. Real-time monitoring of user activity lets you know who is connected from which workstation or device and since when. It is the simple answer to creating a more secure environment that does not have a negative impact on users.
It is important to identify the warning signs when someone uninvited has breached your network. In our survey we’ve identified the top five most common signs that IT managers look out for:
The top five signs above are top for a reason: they are the usual suspects when it comes to identifying if someone uninvited has breached your network.
By taking a closer look at the contextual information around the logon, you can identify and stop network access when credentials have been compromised. For example, are they logging in outside of normal office hours? Are they logging in from a location they have never logged in from before? Are they accessing files en masse? These behaviors should ring alarm bells that something’s not right.
IT departments can easily set and enforce a customized access policy that includes context-aware restrictions such as location, IP address, time of day, and number of simultaneous sessions. These restrictions are transparent to the user and do not impede productivity. Such access policies protect against compromised network credentials to reduce the risk of both external attacks and internal security breaches.
Here are some important signs so you can investigate quickly when something goes wrong
Unusual resource usage
(for example, mass file or access)
Implausible remote access
(access from unlikely locations)
Sudden change in working/office hours
(sequential logins from locations too far apart to travel between in the time)
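The contextual checks described above (office hours, a never-seen location, implausible travel between sequential logins, simultaneous sessions) can be expressed as a small detection routine. This is an added example, not code from this page or from UserLock; the `Logon` fields, the thresholds and the sample events are assumptions made up for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import NamedTuple

# Assumed policy values for illustration; tune them to your environment.
OFFICE_HOURS = range(7, 20)  # 07:00-19:59 local time, Monday to Friday
MAX_SPEED_KMH = 900          # faster than an airliner is implausible
MAX_SESSIONS = 2             # simultaneous sessions allowed per user

class Logon(NamedTuple):     # hypothetical record, one per logon event
    user: str
    when: datetime
    site: str                # label for the source location
    pos: tuple               # (latitude, longitude) of that location
    open_sessions: int       # sessions this user already has open

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    (lat1, lon1), (lat2, lon2) = [tuple(map(radians, p)) for p in (a, b)]
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def flag_logons(events):
    """Return [(logon, [reasons])] for logons whose context looks abnormal."""
    history, flagged = {}, []
    for e in sorted(events, key=lambda x: x.when):
        reasons = []
        if e.when.weekday() >= 5 or e.when.hour not in OFFICE_HOURS:
            reasons.append("outside office hours")
        prior = history.setdefault(e.user, [])  # this user's earlier logons
        if prior:
            if e.site not in {p.site for p in prior}:
                reasons.append("new location")
            dist = km_between(prior[-1].pos, e.pos)
            hours = (e.when - prior[-1].when).total_seconds() / 3600
            # Ignore short hops; flag when the implied speed is not achievable.
            if dist > 50 and (hours == 0 or dist / hours > MAX_SPEED_KMH):
                reasons.append("impossible travel")
        if e.open_sessions >= MAX_SESSIONS:
            reasons.append("too many simultaneous sessions")
        prior.append(e)
        if reasons:
            flagged.append((e, reasons))
    return flagged

SAMPLE = [  # constructed sample data, not real logs
    Logon("alice", datetime(2024, 3, 4, 9, 0), "paris-office", (48.8566, 2.3522), 0),
    Logon("alice", datetime(2024, 3, 4, 10, 30), "singapore", (1.3521, 103.8198), 1),
    Logon("bob", datetime(2024, 3, 4, 23, 15), "paris-office", (48.8566, 2.3522), 0),
    Logon("bob", datetime(2024, 3, 5, 9, 5), "paris-office", (48.8566, 2.3522), 2),
]
```

A user's first recorded logon is never reported as a new location, so the baseline needs some history before that check becomes meaningful.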
Using contextual security doesn’t just help guard against compromised credentials; it operates transparently without impeding users with any additional security actions or restrictions.
Compromised credentials can happen to everyone - Don't let it be you
Drawing on the research findings and our own expertise, we have produced a simple six-step guide for those organizations that want the best of both worlds: a secure network and a productive workforce.
Deploy two-factor authentication
to all user accounts to verify the identity of access attempts.
Implement real-time monitoring
so you know what’s happening on your network.
Look at contextual information
so you can identify if authenticated credentials have been compromised and stop network access.
Customise network access controls
on when, where and how long users access the networks. If an employee signs in from an unusual location at an unusual time, you’ll know something is not right.
Choose a solution that is neither complex nor costly
and also does not impede productivity so you can strike the right balance between protection and detection, and user security and user productivity.
Train, educate and regularly remind employees on security,
alongside sensible restrictions that will protect them and the network. Make them feel empowered and unimpeded, safe in the knowledge that if mistakes are made, the security solution will protect the network.
How to achieve these 6 steps
Our security software UserLock can help you achieve these 6 steps and guard against compromised credentials on a Windows network.
Working alongside Active Directory, UserLock removes the frustration for IT and works to balance user security and user productivity.
User Logon Security for Windows Active Directory