Many companies face serious problems when it comes to compromised accounts. Phishing emails can appear so convincing that end users readily give up their username and password after clicking on a malicious link. Once a threat actor has control of account credentials, there is no telling how much of your personally identifiable information, intellectual property or financial assets may be stolen as a result. These situations also bring other dangers: access to critical locations in your network and systems can be held for ransom, and malicious programs and viruses may be injected into your systems, rendering them useless or causing downtime that may not bode well for your company financially, statutorily and reputation-wise.
Many times, there are telltale signs that questionable activity is happening: passwords may be changed, unusual inbox activity or unexpected emails may be experienced, or IP addresses may not match. In many cases, there may be no signs at all. Ultimately, once accounts are compromised, integrity is compromised, and until the cause is discovered and mitigated, no file is reliable: programs, documents, spreadsheets, images, etc. are all questionable.
Dealing with compromised accounts requires a methodical and adaptive plan for your Cyber Security Incident Response Team (CSIRT). Critical 18 will closely examine your organization and tailor a playbook for effectively handling compromised accounts.
Major considerations for a compromised account include (but are not limited to):
How was the compromise discovered or detected?
What is the root cause or method of compromise? A phishing email? A brute-force attack?
Are there emails that should be purged from mailboxes?
What method will be used for documenting the incident?
How do you distinguish between an insider threat and an account that has been hacked?
What has been accessed?
What systems associated with the account will need to be reviewed/examined?
What teams are notified or engaged when a compromise takes place?
What types of logs, emails, netflow, etc. are gathered as evidence?
In the event multiple accounts are compromised, who is patient zero?
Critical 18 also offers training on personal, organizational and executive security practices. We will educate your employees on cyber safety protocols and procedures, which will help to minimize the possibility of breaches and compromised accounts. We can assist your organization in setting up additional security controls, such as 2-Factor Authentication (2FA) and stronger password policies, and in educating employees on the types of dangers to look for, so that there is less of a chance that accounts are compromised and breaches occur.