What Is At Risk?
DIGITAL CREDENTIALS AT RISK
39% of adults in the US using the same or very similar passwords for multiple online services, which increase to 47% for adults 18-29.
Passwords are a twentieth century solution to a twentieth century problem. Unfortunately, usernames and passwords, the most common digital credentials used today, are all that stands between your employees and vital online services including corporate networks, social media sites, e-commerce sites and others. A good security practice is to use a completely different password for every service, but the fact is that nearly 40% of Americans replicate, the same or very similar passwords for each service they use.
HOW ARE CREDENTIALS COMPROMISED?
- Send emails disguised as legitimate messages
- Trick users into disclosing credentials
- Deliver malware that captures credentials
- Inject malware into legitimate online advertising networks
- Deliver malware to users that captures credentials
- Target a popular site: social media, corporate internet
- Inject malware into the code of the legitimate website
- Deliver malware to visitors that captures credentials
- Scan internet-facing company assets for vulnerabilities
- Exploit discovered vulnerabilities to establish a foothold
- Move laterally through the network to discover credentials
HOW DO HACKERS USE MY CREDENTIALS?
- Send spam from compromised email accounts
- Deface web properties and host malicious content
- Install malware on compromised systems
- Compromise other accounts using the same credentials
- Exfiltrate sensitive data (data breach)
- Identity theft
1 in 4 LAW FIRMS BREACHED
An average of 28,500 data records per company, including credentials, are compromised during a data breach.
User names and passwords represent the keys to the kingdom for malicious attackers. Criminals who know how to penetrate a company's defenses can easily steal hundreds or even thousands of credentials at a time, each one representing another potential entry point compromise the organization's networks and data.
PROTECTING AGAINST A COMPROMISE
While there is always a risk that attackers will compromise a company's systems through advanced attacks, the fact is that most data breaches exploit common vectors suck as known vulnerabilities, unpatched systems and unaware employees. Only through defense in depth—implementing a suite of tools suck as security monitoring, data leak prevention, multi factor authentication improved security awareness and others—can organizations protect their credentials and other digital assets for seeping onto the Dark Web.
DATA IS SOLD AT AUCTION
Typical price range on the Dark Web markets for compromised credentials, ranging from online services to corporate network usernames and passwords.
For those who make credentials available on the Dark Web, the financial rewards can be significant. A criminal dealing in stolen credentials can make tens of thousands of dollars from buyers interested in purchasing them. And by selling those credentials to multiple buyers, organizations that experience a breach of credentials can easily be under digital assault from dozens or even hundreds of attackers.
ACTIONABLE INTELLIGENCE IS KEY
- NIST Guidelines recommend changing passwords only when a compromise occurs.
- How will you know there is compromise unless a data breach results in theft?
- Monitoring for compromised credentials on the Dark Web has historically been expensive and complicated.
THE CYBER POVERTY LINE
Your business falls below the Cyber Poverty Line
- 99% of US companies fall below the poverty line
- They don't have the expertise of resources to protect themselves and they are being violated by malicious actors
- 85% of businesses with <1000 employees have been hacked and most don't even know
WE KEEP YOU OUT OF THE DARK WEB
Small Businesses Need Dark Web Monitoring for Today’s Cybersecurity Risk. Protect your business and secure your assets.
MonitorDW makes Dark Web monitoring affordable enough for small business to take advantage of enterprise-level actionable intelligence.
24/7/365 alerting and monitoring for signs of compromised credentials, constantly scouring millions of sources including botnets, criminal chat rooms, peer-to-peer networks, malicious websites and blogs, bulletin boards, illegal black market sites; and other private and public forums.