WatchGuard Blog

The 4 most effective steps to mitigate account theft

The migration of assets to the Cloud has been the common denominator in company business strategies over the last two years, coupled with a rising number of incidents involving the theft of sensitive information and user passwords on Cloud platforms. According to the Verizon Data Breach Report 2021, in 2020 29,207 real-time security incidents were detected, of which 5,258 were confirmed data breaches. The report indicates that attacks on web apps still represented a significant cybersecurity issue, accounting for 89% of breaches in 2020, and 61% of those exploited compromised credentials.

Credentials can be stolen, bought, guessed or found on the dark web, especially if users do not practice secure password protection or if a secure structure is lacking at a technological level. This is not just a problem for users but also for companies, as their reputations can be damaged by data breaches. 

Implementing identity management and access control policies is key to protecting a company's confidential information. When users access a protected service, requesting additional information beyond the password adds another security layer and has proved a reliable way to reduce data breaches in mobile apps. Multi-factor authentication (MFA) requires users to provide two or more pieces of information, such as the password associated with a username plus a push notification, a time-based one-time password (OTP) or another factor supported by the service or application.

Another effective solution to prevent this type of account theft is endpoint protection (EPP). Through a portfolio of techniques based on local caching, behavioral heuristics and intelligence feeds, security platforms can detect malware and other types of threats at endpoints that could lead to data breaches, such as credential theft through phishing. 

Another common element is the adoption of authentication as a service (AaaS). As companies migrate their services to the Cloud, CISOs incorporate services with Cloud authentication capabilities when implementing their strategy, so that organizations can verify customers safely through multi-factor authentication (MFA). This enables organizations to protect access to any application, from any device, anywhere in the Cloud.

Given the risk of credential theft, we shouldn’t forget the important role played by host sensors, which collect data on any type of anomaly detected and send it to the Cloud for analysis. How data is collected is fully configurable in this type of solution, covering parameters such as files, processes, network connections and registry keys on the host. With this information, security systems can take appropriate action against certain types of threats, depending on the configuration, in order to prevent credential theft. A good example would be someone who has gained access to a user’s computer and is trying to force privileged access to servers.