123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

The Great Russian Hacker Heist & The “shadow Id” Problem It Exposed

Profile Picture
By Author: Lauren Ellis
Total Articles: 35
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

On Monday the world learned that a small crew of Russian hackers stole 1.2 billion internet passwords. Before digging into what this means to your enterprise’s information security posture, I must first commend Nicole Perloth and David Gelles from the New York Times for their excellent journalism in breaking this important story.

So…over a billion passwords have been stolen. Chances are you or someone you know is on the list of compromised passwords. Time to call up grandma and tell her to change her AOL password. Joking aside, this is a serious breach and it’s important to understand the risk to information security at your enterprise and what you can do about it.

3 aspects of potential risk to your enterprise

Customer ID: If your enterprise is one of the 450,000 sites that was exploited during this breach, you have a number of issues to consider including review of vulnerability assessment practices, compliance regimes, and legal fees. Not surprisingly given the sensitivity of customer personal information exposed, a recent Poneomon study finds that the average cost to an enterprise for ...
... each data breach is $3.5M. Time to pull your wallet out!

Shadow IT: In this instance, your enterprise has not been breached, but a Cloud service that your enterprise uses has been breached. Determining the extent of vulnerability is difficult if you don’t know which services your employees are using. Your challenge starts with keeping abreast of “Shadow IT” and all the breached services that could impact your business. Setting up alerts and workflows in case a breach is disclosed, monitoring shadow IT proliferation, and accessing 3rd party intelligence sources to quantify the surface area of risk (including specific employee credentials compromised at these partner/vendor sites) are all helpful measures to take. This situation can be mitigated with the use of enterprise identity and SSO with sanctioned Cloud Security services.

“Shadow ID”: Here, your enterprise and the corporate cloud services in use have not been breached, but you may still have a “Shadow ID” problem wherein your employees have used their corporate identities (typically by registering in a site with a corporate email ID) when registering at 3rd party sites. Skyhigh’s data indicates that more than 80% of enterprises have this “Shadow ID” problem. This rampant proliferation of Shadow ID in and of itself may not be an “enterprise problem” – except that many studies have indicated that 30% of users typically reuse passwords and a significantly larger percentage of accounts can be compromised if a valid password from any environment is known. Hackers may try to login to the enterprise VPN or corporate mail with a user’s credential obtained from a breach. Even if the password is not reused by the user, the hacker will have a much better chance of guessing the right one.

The dark side of the cloud
Skyhigh identifies compromised corporate credentials and the source of that information for sale in the black market so that we can inform our customers of the extent of the “Shadow ID” problem in their organization. In doing so we’ve learned a lot of interesting lessons about what type of private corporate data is available to criminals for purchase in the online black market. Here’s what we have found.

Compromised credentials are commonplace
80% of F100 enterprises have a “shadow ID” problem where credentials associated with a corporate identity are available for purchase online.

50% of companies have a compromised corporate identity with an associated credit card number and billing address available for purchase online.

30% of companies have at least one compromised corporate credential with an associated PayPal or other bank account information available for purchase online.

We discovered an average 1,156 corporate credentials per enterprise available for purchase online.

Three ways to address “Shadow ID”

Here are three ways you can protect your company’s data stored in the cloud services from hackers using stolen corporate credentials:

Continuously monitor for “Shadow IT”, “Shadow ID” and compromised IDs. Notify individuals with compromised accounts so they can update their passwords and audit their recent account history to determine if a breach occurred.

Leverage machine learning algorithms that establish baseline behavior for every user and every Cloud Security service to identify any anomalous activity indicative of security breach or insider threat.

Require the use of corporate identity and SSO to ensure that credentials are not stored in 3rd party services. In addition, require enforcement of identity and context based access control of cloud services.

Author :
Lauren Ellis is a research analyst covering the technology industry’s top trends & topics, focusing on Cloud Security, Cloud Computing, Data Loss Prevention etc.,

Total Views: 360Word Count: 769See All articles From Author

Add Comment

Computers Articles

1. How Do You Choose The Right Customer Service Management Software?
Author: CRM-MASTERS

2. Unveiling The Power Of Seo: Why Your Business Can't Afford To Ignore It
Author: kylieholbeck

3. How To Check Your Airtag Location History: The Complete Guide
Author: Jason

4. Master The Art Of Video Editing: Free Course Unveiled!
Author: premiereboyz.online Ratnesh Yadav

5. How To Choose The Right Magento Website Development Company For Your Needs
Author: Web Panel Solutions

6. The Advantage Of Hiring The Services Of A Zoho Integration Consultant
Author: CRM-MASTERS

7. Driving Efficiency: Role Of Car Repair Software In Modern Automotive Workshops
Author: Role of Car Repair Software

8. Future-proofing Your Business With Structured Cabling Upgrades
Author: hartnettcrews

9. The Benefits Of Voip For Small Businesses: Cost Savings And More
Author: Sandip Patel

10. 4 Ways Pharma Data Analytics Helps Streamline Business Decision-making
Author: Giselle Fernandes

11. Spicing Up Rummy- Exploring Variations For Your Mobile Game
Author: John Stone

12. Should You Change Your Hdmi Cables When You Upgrade Your Tv
Author: Jennifer Truong

13. Acer Laptop Services - Why Acer Service Center Is More Important For The Laptop
Author: Rahul Tripathi

14. Accounting Client Management Software
Author: Robert

15. Easy Steps For Msme Registration In India: Your Quick Guide
Author: Udyam

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: