Around 91% of ecommerce logins in 2018 were classified as credential stuffing attacks. To put it into perspective, only one login out of ten globally was legitimate. Considering that many people prefer shopping online, that’s a scary statistic.
What’s potentially scarier is that you might not even have heard of credential stuffing before. It’s not a crime that gets a lot of airtime. Why? It’s not considered sexy – you don’t hear about a credential stuffing attack exposing the data of millions of consumers.
That doesn’t mean that these attacks are not a serious threat, though. In fact, when it comes to cybersecurity, we all need to start paying more attention. Cybercrime costs our economy over $525 million a year.
For business owners, credential stuffing attacks are cause for a great deal of concern. You might be a victim of one of these attacks. You could also be used as a source of information to launch a new attack. In this post, we’ll look at actionable tips to help you protect your business and clients.
What is a Credential Stuffing Attack?
Do you use the same password for every site you visit? If you’re a regular reader, you’ll know that this is not a good idea. Still, we understand the issue – it’s difficult to remember a whole bunch of passwords. It’s more convenient to use one or two on all sites.
The hackers are counting on your love of convenience. They have a hard time breaking into highly secure systems like the IRS and banking institutions. If you’re using your banking password to log into a forum or blog, they don’t need to hack high-security institutions.
All they need to do is to hack the blog or forum, and they’ve got what they need. And you thought that it was harmless to register for that free marketing report.
Hackers will steal the username and details from less secure sites. Then, they create a program that will try to use those details for a range of websites. They’ll try everything from banks to Netflix. If the program finds a match, it notifies the hacker.
If that happens to you, it’s bad enough. If a breach like this causes financial losses for your clients, you could be in serious trouble.
How to Guard Against a Credential Stuffing Attack
It goes without saying that you must ensure that your business systems are carefully protected. Take things a step further and speak to your employees about password safety. They must use a secure password that is unique to your systems.
Then punch up the security by enabling a two-factor authentication system. While there are ways around these systems, they are still one of the best options. At the very least, you’ll be notified if someone is trying to access your account.
Next up, review the access every employee has to your system. This should be limited to what they need to perform their duties.
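To be notified when an automated program is replaying stolen logins against your own site, you can look for its signature in your login records: one source trying many different usernames in a short time, with most attempts failing. The sketch below is an added example, not part of the original post; the log format, the thresholds and the function names are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: ISO timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-03-01T09:00:01 198.51.100.23 alice FAIL
2024-03-01T09:00:02 198.51.100.23 bob FAIL
2024-03-01T09:00:03 198.51.100.23 carol FAIL
2024-03-01T09:00:04 198.51.100.23 dave OK
2024-03-01T09:00:05 198.51.100.23 erin FAIL
2024-03-01T09:00:06 198.51.100.23 frank FAIL
2024-03-01T09:01:00 192.0.2.10 grace FAIL
2024-03-01T09:01:20 192.0.2.10 grace FAIL
2024-03-01T09:01:45 192.0.2.10 grace OK
2024-03-01T09:30:00 203.0.113.5 heidi OK
"""

def parse_events(text):
    """Yield (time, ip, user, succeeded) from whitespace-separated log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, outcome = parts
        yield datetime.fromisoformat(ts), ip, user.lower(), outcome == "OK"

def find_stuffing(text, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.7):
    """Flag source IPs that try many distinct usernames, mostly failing, within `window`.

    Returns {ip: sorted usernames that logged in successfully from that IP}.
    """
    recent = defaultdict(deque)   # ip -> events inside the sliding window
    flagged = defaultdict(set)    # ip -> accounts the flagged source got into
    for when, ip, user, ok in sorted(parse_events(text)):
        q = recent[ip]
        q.append((when, user, ok))
        while when - q[0][0] > window:
            q.popleft()           # drop attempts older than the window
        users = {u for _, u, _ in q}
        fail_ratio = sum(not s for _, _, s in q) / len(q)
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            flagged[ip].update(u for _, u, s in q if s)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: credential stuffing pattern; reset passwords for {accounts}")
```

A single user mistyping a password several times (the second source in the sample) is not flagged, because only one username is involved. Accounts listed for a flagged source logged in successfully during the burst and should have their passwords reset.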
Final Notes
When it comes to protecting your clients’ and your own data, you need to step up your game. Being aware of the different vectors of attack is the first step. Now that you know more about credential stuffing, you can actively take steps to guard against it.