Protecting user identities and preventing phishing attacks are key tactical priorities for today’s security professional. The majority of breaches involve password theft at some stage of the attack. Nearly two-thirds of the breaches analyzed by Verizon in the 2016 Data Breach Incident Report (DBIR) used stolen credentials. This is because the vast majority of organizations continue to use password-based credentials as the primary means of securing user access, and it is easier for an attacker to steal passwords than it is to find and hack a vulnerable system.
As a result, password-stealing techniques are used by a broad spectrum of attackers to breach organizations, compromise their networks and steal critical data from internal data centers and the cloud. Traditional approaches to stopping credential phishing rely only on classifying the phishing site before the user encounters it. If the organization's security products miss a new phishing site, the only recourse is to hope the user doesn't proceed and enter their credentials.
Tune in to this BrightTALK - Palo Alto Networks video interview as Alexander Hinchliffe discusses the need to protect user credentials and advises how to improve your business's security posture.