In recent years, massive data breaches have become regular news items – and for a good reason. During these attacks, millions of credentials are leaked and made available to malicious actors. With them, hackers have free reign to attack other sites in the hope of gaining access to user accounts.
But there is another, considerable threat bubbling below the surface.
Many people fail to recognize the damage incurred by small, unreported data breaches that take place all the time. Once a set of credentials appears on the Dark Web, it makes no difference where it came from. This rouge data can cause serious harm.
According to Verizon’s 2018 Data Breach Investigations Report, 58% of cybercrime victims in 2017 were small businesses.
In another recent study, analysts found that 90% of credential exposures comprised under 5,000 accounts. Which means they were connected to small and medium-sized businesses (SMB).
What’s the risk to your business?
A third-party data breach is a third-party data breach – wherever it originates from.
The problem is, most people use the same passwords and usernames over multiple accounts. So, if hackers compromise a user account in one breach, and that user enters the same credentials into your site, your business is at risk.
It doesn’t matter how small that the initial breach was. It only takes one match to put the security of your website, and your users, in jeopardy.
Why are SMBs so vulnerable?
For a start, it takes a lot longer for smaller websites to recognize a breach. When a large-scale breach takes place, administrators tend to be notified far more quickly.
Firstly, larger companies tend to have better detection tools. Secondly, a major breach is more likely to be picked up by the cybersecurity community and relayed to the media.
SMBs may NEVER know they’ve had a breach. And this is dangerous for everyone.
Individuals are less likely to be informed that someone has compromised their credentials. If they don’t know this, they won’t change them. If they are re-using those credentials elsewhere, their other accounts could be at risk too. One of those accounts could be on your website.
With less cybersecurity infrastructure in place, some SMBs may store passwords unsafely. So, if there is a breach, hackers can get the credentials they want quickly and easily.
Automated credential stuffing attacks using thousands, if not millions of breached credentials are on the rise.
You can protect yourself and your users from the threat of breached credentials with EyeOnPASS. But, to stop your site becoming the next source of breached account information, try the following steps.
At the very least, all businesses operating online should:
–> Want to learn more about Data Breaches? Read our post about 5 Simple Steps to Protects your Website from a Data Breach