Research uncovers extent of compromised login credentials in UK businesses

IT security vendor IS Decisions yesterday launched version 9 of its flagship software UserLock after the company’s research study found that more than 1 in 3 (34 per cent) of UK organisations have suffered a security breach as a result of compromised company login credentials.

The results uncover some shocking truths about the state of the country’s user access security. While 68 per cent of IT managers surveyed believe it is important to have a way to detect compromised credentials, 43 per cent believe that the security measures put in place by their organisation negatively impact employee productivity.

Therefore, many organisations aren’t looking out for crucial warning signs, possibly for the fear of impeding end users. 61 per cent don’t monitor sudden changes of login times and 57 per cent don’t monitor remote access from implausible locations. As a result, businesses are only confident of tracing a breach back to the source around a third (36 per cent) of the time.

UserLock counteracts these worrying findings by providing specific contextual and customisable user login rules based on time, location, machine, device, number of concurrent sessions and session types to ensure that authenticated users are exactly who they say they are. UserLock monitors all network logins in real-time and alerts IT admins to suspicious activity so they can act quickly to mitigate a breach.

It can also alert IT admins to other events of high-risk behaviour that could suggest a compromised account, for example an attempt to connect to a new session from an existing session with different credentials. IT admins can review and immediately block any suspect user accounts. UserLock 9 then denies all further logon attempts and closes any existing sessions, so administrators can mitigate risk much more quickly and effectively than with previous versions of the software.

IS Decisions CEO François Amigorena said: “The most worrying thing about compromised credentials is that, without technology, you’re not likely to detect a hacker because your systems believe that the person on the network is who they say they are. There’s no reason for your anti-virus software or firewall to flag anything to you.

“If you ask your neighbours to watch your house and keep an eye out for any signs of forced entry when you go on holiday, you’re going to miss the burglar who steals your keys and walks right through the front door. So that’s why we’ve decided to launch a new version of UserLock with a brand new set of features that go further to reduce the risk of external attacks and internal breaches.

The post New research uncovers widespread compromised login credentials across the UK appeared first on IT SECURITY GURU.

Photo Credit: Maxx-Studio/Shutterstock