Stolen credentials: a growing threat to businesses big and small

Stolen credentials are the leading cause of data breaches

According to Verizon’s most recent 2024 Data Breach Investigations Report, the human element is responsible for 68% of all breaches, and of the three key paths (stolen credentials, phishing, and exploiting vulnerabilities) that malicious players use to access data, stolen credentials is by far the most common – especially for web applications.

Large organizations such as financial & insurance, information services, manufacturing, and retail companies that have high-value, saleable assets are obvious targets. So too are organizations that routinely collect and store extremely sensitive client information such as medical and educational services providers and governmental agencies.

Smaller organizations are also attractive targets for bad actors

Large organizations are aware of their vulnerabilities and generally have teams of information security professionals who are dedicated to preventing breaches. And end users have become accustomed to the requirement for credentials verification through tools such as multifactor authentication when accessing online banking, government services, and leading e-Commerce sites, among others.

But credentials theft is not a problem for large organizations alone. Increasingly, smaller-sized businesses are being viewed as softer targets by bad actors because of their less robust security profiles. While ransomware remains the highest incidence form for smaller business attacks, compromised credentials are a close second, and unfortunately, such attacks can often mean the end of the smaller business.

‘When cybercrime makes the news, it is typically because a large organization has fallen victim to an attack. However, contrary to what many may think, very small organizations are just as enticing to criminals as large ones, and, in certain ways, maybe even more so.’ – Verizon Data Breach Investigations Report (2022)