<img src="https://secure.leadforensics.com/32105.png" style="display:none;">

Single Employee Credential Wreaks Havoc For US-based, Cyber Vendor

You may have seen in the press this week that a major, US-based, cyber security vendor fell victim to a data breach. This particular breach involved compromised employee credentials enabling unauthorised access to company data and proprietary software. Whilst the full impact is unknown at present, this does mean there is a risk of consequential breaches that could occur as a result of the proprietary information and technical 'know how' that was stolen.

The implications of data breaches can be costly for any organisation. From reputational damage to the financial impact, with the average cost coming in at £3.2m in 2021, through system downtime, loss of business, and fines. Not taking into consideration the unknown consequences of loss of intellectual property and technology “secrets”. Our practical advice for any organisation is to regularly review processes around security and user access so that external factors cannot negatively impact the wider business, whether it be private data, financial risk or something else.

Other actions to ensure your enterprise is secure:

  • Use Single Sign-On (SSO) to implement passwordless authentication, using open security standards such as SAML and OIDC to replace passwords with secure tokens
  • Where passwordless authentication is not yet supported, leverage an Enterprise Password Manager to enforce use of high-entropy and unique passwords
  • Enable multi-factor authentication on all business-critical applications or for access to your identity management solution
  • Remove redundant user licences.

We encourage all users of any cyber security products to audit the policies and procedures used for managing users and employees. We regularly review our own user processes and would encourage all organisations, based on this latest breach, to do the same. It's not just about technology, it's about people and process too.

Find out more on how organisations are protecting themselves against data breaches.

Back to Blog

Related Articles

My1Login named Winner at the 2021 Cloud Excellence Awards

My1Login is delighted to announce that it has been named the Cloud Security Product of the Year for Identity, Access and Authentication at the 2021 Cloud...

My1Login has been named a finalist for IAM in two Awards

My1Login has been named a finalist for its Identity and Access Management solution at both the Computing Security Awards and the Computing Security Excellence...

Ransomware Attacks. Why IAM is a key defence for Enterprises

The rapid growth of ransomware attacks is showing little sign of abating, with 37% of organisations hit by a ransomware attack in 2021, according to Sophos. The...