Between July of 2018 and June 2020, the retail, hospitality and travel industries were hit with 63 billion credential-stuffing attacks. Credential stuffing is a cyber attack method in which attackers use lists of compromised user credentials to breach into a system. The attack uses bots for automation and scale and is based on the assumption that many users reuse usernames and passwords across multiple services. Consider that these three verticals only represent a small sample of industries.
Pair this with another article that states that 36 Billion Personal Records were Exposed By Hacks In 2020 alone. Considering that the personal records stolen will have username and passwords within them (and data to guess additional passwords), 2020 just got a lot worse, because the data breaches fuel the effectiveness of credential-stuffing attacks. Knowing that users often re-use their passwords, it is folly to assume that your environment is immune to these types of attacks.
The solution: multi-factor authentication for all of your external facing systems COMBINED with the use of monitoring software that can flag successful logins across systems, bot activity and behavioral analytics. This is a threat that grows exponentially effective after every major data breach. Ensure that you have the right solutions to protect your systems. If you have questions, feel free to contact us – we have answers!