The rapid acceleration of digital transformation, coupled with the widespread adoption of remote work and cloud technologies, has shifted the focus of cybercriminals towards a new target: employees.
Employee credentials have become prized assets for attackers, and protecting them is critical to safeguarding corporate networks. If an employee's credentials are compromised, whether stolen outright or captured when the employee logs in from an already-compromised system, the entire enterprise can be exposed.
The allure of employee credentials
For cybercriminals, the motivation behind stealing an employee’s credentials is to infiltrate the corporate network. Once inside the network, criminal activities range from stealing sensitive company data for industrial espionage to locking down systems for ransom.
While the tactics for gaining access vary, phishing emails remain a popular choice for hackers. “The number one method is still email,” says William Petherbridge, manager of systems engineering at Fortinet. “Phishing attacks are still effective in tricking employees into logging into fake accounts to steal their credentials. When an email appears to come from a senior individual within an organisation with specific instructions, employees tend to act quickly. That’s why awareness is critical. Employees should ask themselves: Would I normally get an email from this person?”
Identity threat detection and response in cybersecurity
Although most large corporate entities have security operations centres or outsource them, the challenge is the sheer volume of alerts received. “Security teams receive thousands of alerts, making it impossible to review manually and act on any of them. That’s where automation and detection response systems come into play; having tools that can automate and make sense of that data is essential,” says Petherbridge.
Identity threat detection and response (ITDR) is both a reactive tool and a proactive defence mechanism: it lets businesses monitor user behaviour and stop a breach before it fully unfolds. An ITDR framework focuses on unusual behaviour patterns, such as logins from an unexpected geographical region, two logins too far apart to have come from the same person, or access at abnormal times. When it sees one, it can automatically block the suspicious session or escalate the event for investigation, giving companies a much-needed edge in preventing breaches and cyberattacks.
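The two behavioural checks just described, an off-hours login and an "impossible travel" login, are simple enough to show in code. The following Python script is an added example written for this article; it is not Fortinet's code and does not reflect any product's logic. It runs over a constructed authentication log (the CSV layout, the 900 km/h speed threshold and the 07:00 to 19:00 business-hours window are all assumptions made for the example) and maps each finding to the block-or-escalate decision the text describes.

```python
"""Minimal ITDR-style login anomaly detection over an auth log (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample log, not real data. Assumed CSV layout:
# timestamp (ISO 8601 with UTC offset), user, source IP, country, lat, lon, result
SAMPLE_LOG = """\
2024-05-06T08:55:00+10:00,alice,203.0.113.10,AU,-33.87,151.21,success
2024-05-05T20:30:00-04:00,alice,198.51.100.7,US,40.71,-74.01,success
2024-05-06T02:10:00+10:00,bob,203.0.113.45,AU,-37.81,144.96,success
2024-05-06T10:00:00+10:00,carol,203.0.113.99,AU,-33.87,151.21,success
2024-05-06T10:30:00+10:00,carol,203.0.113.99,AU,-33.87,151.21,success
2024-05-06T10:45:00+10:00,carol,203.0.113.99,AU,-33.87,151.21,failure
"""

# Tunable thresholds: assumptions for this example, not vendor defaults.
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # faster than this between two logins => impossible travel
BUSINESS_HOURS = range(7, 19)    # local wall-clock hours considered normal


@dataclass
class Event:
    ts: datetime  # timezone-aware, so .hour is the user's local wall-clock hour
    user: str
    ip: str
    country: str
    lat: float
    lon: float
    result: str


@dataclass
class Alert:
    user: str
    rule: str
    action: str  # "block" or "escalate"
    detail: str


def parse_log(text: str) -> list[Event]:
    """Parse the assumed CSV layout into Event records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, lat, lon, result = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), user, ip, country,
                            float(lat), float(lon), result))
    return events


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect(events: list[Event]) -> list[Alert]:
    """Apply the off-hours and impossible-travel rules to successful logins, in time order."""
    alerts: list[Alert] = []
    last_success: dict[str, Event] = {}
    for ev in sorted(events, key=lambda e: e.ts):  # aware datetimes sort correctly across offsets
        if ev.result != "success":
            continue  # failed attempts would feed a brute-force rule, not these two
        if ev.ts.hour not in BUSINESS_HOURS:
            alerts.append(Alert(ev.user, "off_hours", "escalate",
                                f"login at {ev.ts.isoformat()} outside business hours"))
        prev = last_success.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            # Same-second logins from different places are treated as infinitely fast.
            speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                alerts.append(Alert(ev.user, "impossible_travel", "block",
                                    f"{km:.0f} km in {hours:.2f} h from {prev.country} "
                                    f"to {ev.country} (~{speed:.0f} km/h)"))
        last_success[ev.user] = ev
    return alerts


SEVERITY = {"escalate": 1, "block": 2}


def summarise(alerts: list[Alert]) -> dict[str, str]:
    """Collapse alerts to the most severe action per user (block outranks escalate)."""
    worst: dict[str, str] = {}
    for a in alerts:
        if SEVERITY[a.action] > SEVERITY.get(worst.get(a.user), 0):
            worst[a.user] = a.action
    return worst


if __name__ == "__main__":
    found = detect(parse_log(SAMPLE_LOG))
    for a in found:
        print(f"{a.user:6} {a.rule:17} {a.action:8} {a.detail}")
    print(summarise(found))
```

On the constructed log, alice's Sydney login followed 95 minutes later by a New York login yields an impossible-travel alert (block), her 20:30 local login and bob's 02:10 login are escalated as off-hours, and carol's routine daytime logins produce nothing. Real deployments would enrich the source IP with geolocation rather than read coordinates from the log, and would tune the speed and hours thresholds per user population to keep the alert volume manageable.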
What steps can organisations take?
Combatting identity theft requires a multi-layered approach. “On the preventative side, strong passwords are a basic requirement together with multi-factor authentication. Beyond that, privileged access management (PAM) and identity and access management (IAM) systems help define the role of each user and what they’re allowed to access,” says Petherbridge. “On the detection end of the equation, enterprise-level organisations need the ability to analyse identity behaviour, including anomalies in login patterns or unusual activity, and immediately respond if something suspicious is taking place.”
By automating the detection and response process, businesses can respond more quickly to identity-based threats and prevent cybercriminals from gaining a foothold in their networks. ITDR isn’t a single piece of software but an integrated practice that leverages multiple security tools.