How familiar are you with that white, cold panic when you can’t find your credit card, house keys, smart phone, or wallet? That intense feeling of terror and the immediate, internal barrage of questions you ask yourself:
- Where did I last have it?
- How long has it been missing?
- Has anyone picked it up?
If it’s not found quickly, you’ll start acting to protect your assets and accounts to prevent any further loss or fraudulent behaviour.
These are physical and personal losses, we feel them, we want to replace and protect these items, we have a good idea of what the damage and consequences of losing them will be. Would it be the same reaction if you realised that your user credentials had been taken or accessed. Your Facebook login, online banking details, birth date, maiden name, favourite holiday destination and name of your first pet/best man, what if those ‘things’ had all been taken? What could the potential consequences be?
But what if the user credentials for your business had been compromised? What then?
The “Dark Web” is mentioned more frequently in the news and the press, and users are beginning to better understand how it’s associated with a wide variety of criminal activities. Cyber Criminal activity is an increasing threat to SMBs, and a serious crime to highlight, is the sale of stolen verified user credentials via chat rooms, forums and other dark corners of the web.
In a comprehensive analysis carried out by Gematto in 2016, there were 1.4 billion records lost or stolen, and Juniper Research are predicting the global cost of data breaches will reach $2.1 Trillion in 2019! You can see the list from IT Governance for March 2018 here.
The magnitude of some of these attacks is astounding, but many large corporations will already have the resources to survive the disruptions experienced at the hands of these criminal activities. It’s the smaller businesses however, that are feeling the impact the hardest when a cyberattack occurs due to lack of preparedness, lack of cyber security and other resources to stop or counteract an attack. It’s estimated that as many as one third of small-to-medium-sized businesses have been hit by ransomware, forcing many of them to halt operations completely.
The problem faced by IT Managers and IT Security officers is how can they prevent a breach launched using leaked credentials without knowing the credentials have been leaked until it is too late?
If a hacker has managed to steal your business credentials they will quickly gain access through the layers of security in place as they will be identified as a valid user, remember how Han Solo gained access to the moon of Endor using stolen access codes in Return of the Jedi? Just like that.
Tools have been available to check the Dark Web for stolen and leaked credentials for a while now, however these have been costly and out of scope for most organisations without a spare £10,000 of security budget.
At Mirus we take Cyber Security and its costs, very seriously and have developed a Cyber Security Essentials Best Practice Programme that we use internally and to support our clients. This includes assisting with password policies, setting up appropriate firewalls, DNS scanning and DARK WEB MONITORING. We partner with ID Agent and can utilise their highly regarded Dark Web ID Business Monitoring solution, which means we can quickly and effectively notify clients of any leaked credentials that are available for sale on the Dark Web. We then help our clients identify the breach and investigate and define any further action or security procedures including user training and new password policies required to reduce future risk.
We offer FREE Dark Web Consultation and an Initial Scan with reporting. If you’d like to know more, if you have a suspicion that someone or something could have put your business at risk of a cybercrime, get in touch.
Additional Information: Ping Magazine.
The three pillars of Mirus are:
Delivering outstanding service.
Offering strategically successful solutions.
Providing consistent customer satisfaction.