In 2015, a startling statistic emerged when examining data security. Of all the compromised data as a result of data breaches, over 75% were due to stolen credentials. This should underline the importance of businesses securing privileged credential, particularly when using Microsoft Active Directory Services.
Microsoft has released a set of guidelines for Credential Theft Mitigation. Unfortunately, most businesses haven’t implemented them due to not being aware of their existence and those that do haven’t done so do to their cost and complexity.
The consequence of this is that attackers using stolen credentials can have unrestricted access to networks for months at a time. For businesses that are affected, this can halt operations ultimately leading to lost revenue.
To help deal with this problem, businesses and organizations need to train their employees to be able to recognize social engineering attacks and phishing emails. It’s also a good idea to compartmentalize who has access to what so that if someone’s credentials are stolen, the thieves don’t have access to the whole system.