It doesn’t seem plausible that a hacker would target Netflix in order to gain access to your EHR database, yet it might be more doable than you think.
It’s called credential stuffing, and it’s becoming a huge problem.
Hackers used to work long, hard hours, trying to break in one account at a time. They’d use password “dictionaries” in which they’d try the most common combinations over and over again, looking for a hole into a system.
But why do things the old-fashioned way when there’s a much easier, automated approach? Credential stuffing is a brute-force technique where attackers use lists of valid credentials obtained through data breaches to gain access to a system. It gives hackers a higher success rate, and allows them into even more accounts across the web. People have a habit of using the same password for multiple accounts. That means if it works for one site - Netflix, for example - a hacker suddenly has access to every service where that password is reused.
Why wouldn’t a hacker prefer this path? A report by Insikt Group on the Economy of Credential Stuffing Attacks found that with an investment of as little as $550, a cybercriminal can expect as much as 20 times the earning potential from the credentials they receive.
What can you do to ensure it doesn’t happen to you?
Staying up to date on patches and upgrades, as well as ensuring your firewalls are in place, is a good place to start. But you’ll need to stay diligent to recognize hacker behavior, and prevent these potential attacks.
Multi-factor authentication can also curb entry. Even though phishing attacks can bypass the use of multi-factor authentication, it does make it harder to break into accounts in bulk. Depending on the sensitivity of your data, it adds a layer of protection that can make some cybercriminals look for easier entry elsewhere.
It’s also important to be proactive in your monitoring. If a breach does occur, find the accounts impacted, and require resets and changes to passwords. This is also a good point to add multi-factor authentication to these accounts.
And finally, commit to a strong, recurring security awareness training program for all employees. Teach why reusing passwords puts them in danger of being attacked, and provide guidelines for how they can increase password security both at work and at home.
Credential stuffing isn’t fading from our landscape. Instead, it’s likely to pick up speed in the coming months and years. This is a perfect opportunity to up your game and build a stronger security system now.
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.