The PayPal breach of 2023 reminds us that 2FA isn’t a silver bullet and that credential security matters more than ever.
The scale of the recent LastPass breach is so large, changing all the passwords isn’t the most practical or realistic solution.
In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users. Nearly every year since, NIST has undertaken to update or underscore these guidelines as security experts continue […]
Assessing The Risk of Compromised Credentials to The Enterprise Businesses today face an abundance of organizational risk. These come in the form of creating the business model itself, dealing with third parties, managing vendors and partners, monitoring internal and external fiscal fraud, exercising premise security, and the like. In the 21st century, no greater risk […]
by Stan Bounev and Chris Olive When faced with the problem of data being open to all users on an early, 1960’s mainframe computer, Fernando “Corby” Corbato rather nonchalantly assigned passwords to protect user private data, and the concept of the computer password was born. Fast forward to today, and no one ever would have […]
What’s really amazing is that both criminals and organizations have access to a nearly identical set identity information that has been stolen. The simplest, most straightforward solution is to actively and passively make sure such identity information, such as user credentials, can’t be reused. Unfortunately, many organizations have decided to take other approaches that are […]
Account Takeover (ATO) Attacks Simply Don’t Matter Account Takeover (ATO) attacks seemingly just don’t matter. That’s the conclusion a semi-informed outside observer might potentially come to based on how these pernicious attacks are being addressed by the cybersecurity community. That ATO attacks desperately need to be addressed, and addressed in the right way, goes without […]
“Baby born with two heads! Alligators found in Central Park! 773 Million Credentials Leaked! Largest Breach In History! Step right up folks, and get the latest news, exclusively right here!” And so it may as well have been last week. The sensationalized news of the Collection #1 breach touted as “one of the largest breaches […]
Assessing The Risk of Compromised Credentials to The Enterprise Because technology now has a broad and pervasive impact on the successful operation of the business, comprehensive and accurate scoring and assessment of cybersecurity risk is absolutely essential and covers many areas of technology. To assess more accurately the cybersecurity risk, assessment of the compromised credential […]
Download This PDFFortune-500-compromised-account-report Summary Fortune 500 companies are the backbone of our economy. They employ over 27 million people. VeriClouds research team investigated the leaked online account credentials belonging to the employees of the 2017 Fortune 500 companies where an email address was used to set up an account. The number of leaked online accounts […]