Express Computer
Home  »  News  »  How to safeguard your business against credential-based attacks: Microsoft Security

How to safeguard your business against credential-based attacks: Microsoft Security

0 72

Cybersecurity is a growing concern for businesses of all sizes. As technology advances, so do the methods of cyber criminals looking to exploit vulnerabilities in security systems.

One of the most common methods they use is credential-based attacks, which involve stealing or obtaining credentials illegitimately.

Microsoft Security sheds light on two types of credential-based attacks and how to prevent them:

  • Phishing: Phishing emails and websites created to attack corporate targets only need to succeed once to gain credentials that can be sold to and shared with other bad actors. 93 percent of Microsoft recovery engagements reveal insufficient privilege access and lateral movement controls in organizations.
  • Push-bombing: Push-bombing is an attack that triggers multiple access attempts with stolen credentials, causing a rush of push notifications to the target user’s device. This can confuse the target and cause them to mistakenly allow authentication. People receive an average of 60-80 push notifications per day, which can lead to distraction and mistakes.

    So, how can organizations avoid such scenarios? Many attacks can be prevented—or at least made more difficult—through implementation and maintenance of basic security controls.

  • First, use Multi-Factor Authentication (MFA) with “Number Matching” or similar functionality to enhance MFA protection. This involves accepting a push notification and inputting a matching number.
  • Isolation is a fundamental protection for regaining control. Without isolation and strict control of communications and access between the security zones, this security model fails. As such, remote administration requires a computer in the same security zone.
  • Establish a solid inventory of all technology assets. Continually update operating systems and software and maintain secure administrative practices.
  • Finally, implement comprehensive centralized log collection with a well-defined retention policy.

In conclusion, as cyber threats continue to evolve, organizations need to stay vigilant and implement strong cybersecurity measures. By following these tips and staying informed, businesses can protect themselves from credential-based attacks and other cyber threats.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image