If you have ever had your identity stolen or an online account compromised, you may have asked yourself how the theft of your information or credentials occurred. Recently, Google and UC Berkley conducted a study regarding the common ways in which someone’s account can get hacked.

“During the 12 months studying the underground markets, the researchers identified more than 788,000 credentials stolen via keyloggers, 12 million grabbed via phishing and 1.9 billion from breaches at other companies.”

Keyloggers

Phishing

Breaches

The key takeaway here is that the vast majority of credentials and personal information that are compromised have been stolen from companies that were supposed to be protecting that information.  In 2017, with the evolving cyber-threat landscape, organizations need to take a holistic approach to information security including technical controls, procedural controls, personnel controls, and (perhaps most importantly), employee training.

As highlighted by the study, phishing is also a major risk to both consumers and businesses which is why employee training is so crucial.  Can you and your employees recognize a phishing email?  Have you ever tested their ability to do so?  Are your current controls adequate enough to properly protect sensitive information and to stop your company from contributing to the static above?

Finally, the study also noted that only 3.1% of individuals that had accounts compromised responded by taking additional security measures (such as two-factor authentication).  So, if you have been compromised, whether personally or at work, make sure you take the appropriate steps to regain control of your accounts.

Related articles

Need-to-Know Privilege Explained

Need-to-Know Privilege Explained

In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.

read more

Pin It on Pinterest

Share This