Most businesses have a target on their back. And for good reason — their data and credentials are incredibly valuable to fraudsters, especially when it comes to large enterprises.
Against this backdrop, credential theft has become the initial attack vector of choice for many hackers. Two recent incidents illustrate this: the information systems breach at Dick’s Sporting Goods, and the rising fallout from the April data theft from National Public Data, which exposed billions of individuals’ personally identifiable information.
The reasons are relatively straightforward: stolen credentials can grant direct access to internal systems, often without raising immediate alarms. With these credentials, attackers can move laterally within a network, exfiltrate data or deploy ransomware with minimal resistance.
The appeal for cybercriminals lies not just in the immediate access but in the potential to remain undetected for extended periods, allowing them to maximize the damage.
In the case of Dick’s Sporting Goods, hackers exploited stolen credentials to gain access to sensitive customer data, leading to a breach that compromised millions of accounts. Similarly, the breach at National Public Data underscored how the theft of a single set of credentials can have far-reaching consequences, potentially exposing vast amounts of personal information.
But while cyber and data breaches are becoming almost unavoidable, that doesn’t mean businesses should just sit back and take intrusions on the chin.
In today’s digital landscape, large businesses will continue to be attractive targets for cybercriminals. The combination of valuable data, complex systems and the potential for significant ransom payments makes them particularly vulnerable.
By understanding the methods used by attackers and implementing a multi-layered approach to security, businesses can take key steps that help prevent a disruption from escalating into a disaster.
In interviews for the “What’s Next in Payments” series, executives stressed to PYMNTS that a multi-layered security strategy, also known as defense in depth, is crucial for reducing risk at each stage of an attack. This approach means deploying multiple, independent defensive measures across the enterprise network, so that no single control failure gives an attacker free rein.
That’s because when an attacker gains initial access through stolen credentials, the potential for escalation is significant. What might begin as a minor disruption — such as a temporary data breach or unauthorized access — can quickly spiral into a full-scale disaster.
“You may not have realized it yet, but they’re going to hit you,” Amount Director of Product Management Garrett Laird told PYMNTS. “The fraudsters are jerks — and they like to hit you on holidays and on weekends, at two in the morning.”
The larger the organization, the more complex its IT infrastructure tends to be. This complexity creates gaps in security coverage and, with them, multiple points of entry for attackers. Large businesses also have extensive supply chains, and each link is a potential vulnerability; hackers frequently target these weaker links to gain a foothold in the larger enterprise. Once inside the network, attackers move laterally toward more sensitive systems and data, and they do so quietly, which is how they remain undetected.
As long as there is valuable data to steal or systems to exploit, cybercriminals will continue to innovate and develop new methods to breach even the most secure networks. No organization, regardless of size or industry, can ever be completely immune to cyberattacks. However, while it may be impossible to stop all breaches from occurring, organizations can — and must — take steps to minimize the damage and impact when they do happen.
Having a well-defined incident response plan in place is crucial. This plan should include clear steps for containing a breach, mitigating damage and communicating with stakeholders. Regular drills can help ensure that the plan can be executed effectively under pressure.
According to Dick’s filing with the U.S. Securities and Exchange Commission reporting its recent cyber breach, “immediately upon detecting the incident … the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat.”
Network segmentation is critical, especially separating general employee networks from sensitive systems and data, so that a compromised account or workstation in one zone does not automatically grant access to everything else and the risk of internal breaches is minimized.
David Drossman, chief information security officer at The Clearing House, described it to PYMNTS as building a “labyrinth of control” to offset damage, even if one layer fails.