The rapid acceleration of digital transformation, coupled with the widespread adoption of remote work and cloud technologies, has shifted the focus of cybercriminals towards a new target: employees. Employee credentials have become prized assets for exploitation, making their protection critical in safeguarding corporate networks.
The widespread use of employee credentials across various platforms offers clear benefits in terms of accessibility, convenience, and productivity. However, this interconnectedness also presents a significant risk. If an employee’s credentials are compromised – whether through theft or inadvertent access to a compromised system – the entire enterprise could be exposed to threats.
The allure of employee credentials
For cybercriminals, the motivation behind stealing an employee’s credentials is to infiltrate the corporate network. Targets can range from C-suite executives down the corporate ladder to junior staff, who may not realise their identities have been compromised. Once inside the network, criminal activities range from stealing sensitive company data for industrial espionage to locking down systems for ransom.
While the tactics for gaining access vary, phishing emails remain a popular choice for hackers. “The number one method is still email,” says William Petherbridge, manager of systems engineering at Fortinet. “Phishing attacks are still effective in tricking employees into logging into fake accounts to steal their credentials. When an email appears to come from a senior individual within an organisation with specific instructions, employees tend to act quickly.
“That’s why awareness is critical. Employees should ask themselves: would I normally get an email from this person? Is this type of communication usual? If it seems out of the ordinary, the best approach is to check with your direct manager or use the organisation’s reporting systems for phishing attempts.”
Identity Threat Detection and Response in cybersecurity
Although most large corporate entities have security operations centres or outsource them, the challenge is the sheer volume of alerts received.
“Security teams receive thousands of alerts, making it impossible to review manually and take action on any of them. That’s where automation and detection response systems come into play; having tools that can automate and make sense of that data is essential,” explains Petherbridge.
Identity threat detection and response (ITDR) is both a reactive tool and a proactive defence mechanism, allowing businesses to monitor user behaviour and stop breaches before they fully unfold. It focuses on unusual behaviour patterns, such as unexpected logins from different geographical regions or access at abnormal times. On detecting such a pattern, an ITDR framework can automatically block the suspicious activity or escalate the issue for further investigation, giving companies a much-needed edge in preventing breaches and cyberattacks.
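To make the detection logic described above concrete, here is an added example (not code from the article or from Fortinet) that scans a constructed set of login events for the two anomalies mentioned, a country change too fast to be plausible travel and a login outside working hours, and maps each finding to a block or escalate action. The event data, the working-hours window and the travel threshold are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample login events (user, UTC timestamp, country); not real data.
SAMPLE_EVENTS = [
    ("alice", "2024-03-04T09:02:00", "GB"),
    ("alice", "2024-03-04T09:40:00", "BR"),   # country change 38 minutes later
    ("bob",   "2024-03-04T03:15:00", "GB"),   # outside the assumed 07:00-19:00 window
    ("bob",   "2024-03-04T10:30:00", "GB"),
]

WORK_HOURS = range(7, 19)             # assumed normal access window (hours, UTC)
MIN_TRAVEL_GAP = timedelta(hours=4)   # assumed: a country change faster than this is implausible


def assess(events, work_hours=WORK_HOURS, min_gap=MIN_TRAVEL_GAP):
    """Return a list of (user, timestamp, reasons, action) for flagged logins.

    Assumed policy: implausible travel -> 'block'; off-hours login alone -> 'escalate'.
    Events are processed in time order so each login is compared with the user's previous one.
    """
    last_seen = {}   # user -> (datetime, country) of the previous login
    findings = []
    for user, ts, country in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        reasons = []
        prev = last_seen.get(user)
        if prev and prev[1] != country and t - prev[0] < min_gap:
            reasons.append(f"country changed {prev[1]}->{country} within {t - prev[0]}")
        if t.hour not in work_hours:
            reasons.append(f"login at {t:%H:%M} UTC outside working hours")
        if reasons:
            action = "block" if any(r.startswith("country") for r in reasons) else "escalate"
            findings.append((user, ts, reasons, action))
        last_seen[user] = (t, country)
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_EVENTS):
        print(finding)
```

A real ITDR deployment would feed this kind of rule from identity-provider or VPN logs and tune the thresholds per user population; the thresholds here are only illustrative.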
What steps can organisations take?
Combatting identity theft requires a multi-layered approach. “On the preventative side, strong passwords are a basic requirement together with multi-factor authentication. Beyond that, Privileged Access Management (PAM) and Identity and Access Management (IAM) systems help define the role of each user and what they’re allowed to access,” says Petherbridge.
“On the detection end of the equation, enterprise-level organisations need the ability to analyse identity behaviour, including anomalies in login patterns or unusual activity, and immediately respond if something suspicious is taking place.”
By automating the detection and response process, businesses can respond more quickly to identity-based threats and prevent cybercriminals from gaining a foothold in their networks.
“ITDR isn’t a single piece of software but an integrated practice that leverages multiple security tools. Modern organisations need a comprehensive cybersecurity strategy that includes Identity Threat Detection and Response as a vital tool in defending against identity-based attacks,” Petherbridge concludes.