A stunning 81% of company data breaches are the result of poor password management by employees, according to a Verizon Data Breach Investigations Report. “81% of hacking-related breaches leveraged either stolen and/or weak passwords,” according to the report, which is published annually.
Even though 91% of people know that reusing passwords is poor practice, 59% reuse their passwords at home and at work. The financial cost to businesses is huge, as is the related cost to customers when their data is stolen as adversaries break into the enterprise environment and attack databases, applications, and even entire networks, which can bring business to a halt.
Equifax lost somewhere between $450 million and $600 million, and its reputation continues to suffer, after an attack that happened as a result of poor password hygiene.
SpyCloud, a leader in account takeover prevention, last month launched new, automated tools for checking and maintaining password security in Microsoft Active Directory, the central authentication system used by almost all Fortune 1000 companies and by businesses of all sizes around the world. The company demonstrated its account takeover prevention solutions at the NetEvents conference in Silicon Valley.
"Enterprises using SpyCloud Active Directory Guardian can outpace cyber criminals. The combination of early detection of leaked credentials with automated remediation makes it a comprehensive tool for securing employee accounts, often the weakest link in an enterprise's overall security posture," said David Endler, SpyCloud's Chief Product Officer and Co-Founder.
Al Dixon, Principal IT Security Architect of CorpIT at EBSCO Industries, is a fan. "SpyCloud Active Directory Guardian has saved us more than 1,000 man-hours," Dixon said. "As soon as it detects a compromised account, the integration with Active Directory works to reset that account, and it sends a notification to the security teams that remediation is taking place. The solution gives us peace of mind — a level of comfort that we can not only detect account compromises but also remediate them."
With SpyCloud Active Directory Guardian, cyber security teams can check employee login credentials in Active Directory against SpyCloud's data, a collection of more than 77 billion data points. If a password is in SpyCloud's data lake, it shouldn't be used in an enterprise's Active Directory.
SpyCloud's new automated offering can be set to regularly check usernames and passwords across the enterprise for dark web exposure, and to search for "fuzzy" matches, where letters are replaced with numbers or special characters are added. Security teams receive a report detailing how many credentials are exposed and can force password resets on a person-by-person basis, or for all exposed accounts.
"Another piece I really like is the monitoring of personal emails," Dixon said. "We're not just monitoring internal corporate accounts, but we're able to extend that to individuals and can monitor personal accounts for compromise as effectively as we do their corporate identity."
With the option to reset weak and exposed passwords automatically, SpyCloud Active Directory Guardian also makes it easier for companies to enforce the latest guidelines from the National Institute of Standards and Technology (NIST) for secure digital authentication. Those guidelines steer enterprise employees toward robust passwords that haven't been exposed in breaches, are difficult to guess and are easy to remember.
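The "fuzzy" matching described above (letters swapped for numbers, special characters added) can be sketched as a check run when a new password is set. This is an added example, not SpyCloud's code: the substitution table, the `check_password` helper, the minimum core length and the four-entry corpus are all assumptions constructed for illustration.

```python
import re

# Constructed sample corpus; a real deployment would query a breach dataset.
BREACHED = {"password", "sunshine", "letmein", "dragon2015"}

# Assumed substitution table (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s).
LEET = str.maketrans("013457@$", "oleastas")
# Digits or symbols padded onto either end of a word.
PAD = re.compile(r"^[^a-z]+|[^a-z]+$")
# Assumed threshold: ignore very short cores to limit false positives.
MIN_CORE = 4


def variants(password):
    """Return the normalized forms of a password used for fuzzy comparison."""
    low = password.lower()
    core = PAD.sub("", low)            # padding removed, substitutions kept
    swapped = low.translate(LEET)      # substitutions undone, padding kept
    forms = {low, swapped, core, core.translate(LEET), PAD.sub("", swapped)}
    return {f for f in forms if len(f) >= MIN_CORE}


# Index every breached password under each of its normalized forms, so that
# "dragon2015" is also reachable through its core "dragon".
INDEX = {}
for breached in sorted(BREACHED):
    for form in variants(breached):
        INDEX.setdefault(form, breached)


def check_password(candidate):
    """Return ("exact" | "fuzzy", matched_entry), or None if nothing matches."""
    if candidate in BREACHED:
        return ("exact", candidate)
    for form in sorted(variants(candidate)):
        if form in INDEX:
            return ("fuzzy", INDEX[form])
    return None


if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd!", "Sunshin3", "Dr4gon2015!",
               "correct-horse-battery-staple"):
        print(pw, "->", check_password(pw))
```

Because Active Directory stores password hashes rather than plaintext, a check of this shape fits the moment a password is set or changed, when the candidate string is available to compare.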