New York Attorney General Letitia James reported 1.1 million credentials tied to 17 “well known” state businesses were compromised in recent cyberattacks.
According to the alert, many of the firms were unaware that their customers’ passwords had been compromised. The bulletin was issued January 5 and is part of what appears to be a public awareness campaign around credential stuffing.
Employee and customer passwords (also referred to as credentials) are often a security soft spot for companies and the door adversaries use to infiltrate a business. The management of credentials, according to James, needs to be a central focus in thwarting so-called credential stuffing attacks.
“Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users’ personal information stand in jeopardy,” James said. “Businesses have the responsibility to take appropriate action to protect their customers’ online accounts.”
Employees Reuse Consumer Service Passwords for Work
Companies often perceive credential stuffing and password management as company-specific issues. However, because employees reuse passwords across work and consumer services, the threat can reach multiple accounts, according to experts discussing password security in a recent Threatpost webinar, Password Reset: Claiming Control of Credentials to Stop Attacks.
In this recent Threatpost roundtable event sponsored by Specops Software, security expert Darren James was joined by credential expert Roger Grimes, a defense evangelist with KnowBe4. Specops’ James and Grimes offer a glimpse at today’s (2022) cybersecurity landscape and how to fight credential attacks and keep mitigation costs down.
A single help desk call to reset a password costs an organization $70 on average, according to Specops’ James. “Multiply that by thousands of employees and that bill starts to add up,” he said.
Make Credential Management & Security Central to 2022
- What makes a good password in 2022?
- Modern credential management for the enterprise.
- How to mitigate a post-credential breach.
Also learn how modern cybergangs are exploiting sloppy password hygiene and how to streamline smart password management across an organization.
Register to view the on-demand event: Password Reset: Claiming Control of Credentials.