Massive data breaches that result in the compromise of personal information such as social security numbers, addresses, credit card information, and credentials have dominated headlines in recent years. Details are frustratingly slow to emerge: it took years to find that the 2013 Yahoo hack affected all 300 billion accounts, and three months after the Equifax breach, millions of consumers have still not been notified that their personal information may be in the wrong hands.

Why is the slow reveal so alarming? In that lag time, unsuspecting consumers have no idea vital information like login ID’s and passwords are up for grab on the Dark Web. It took three years to reveal that the 2013 Yahoo Hack resulted in 200 million sets of valuable information for sale on the Dark Web, including passwords and the security questions and backup email addresses used to reset lost passwords.

People are creatures of habit, and hackers know that credentials are often used repeatedly across cloud services and websites for personal and business use.

With exploit kits readily available on the Dark Web, the barrier to entry for hackers and level of knowledge required to launch cyberattacks are significantly lowered, and these “compromised credentials” pose a very significant threat to the enterprise.

IT professionals are finding it increasingly difficult to protect data from the growing number of cloud-borne threats, as high volumes of sensitive data continue to be stored and shared via the cloud. The delicate balance between empowering staff to access and use cloud services– often with their own passwords and login credentials– is becoming that much harder to achieve.

Luckily, technology isn’t just a means to unwittingly expose sensitive data. Smart solutions exist to also protect that data, and make sure IT remains one step ahead of a potential attack. To combat these growing cloud-borne threats, organizations are turning to cloud access security brokers (CASBs) that help solve these issues by setting security policies in place, such as single sign-on, data loss prevention (DLP), malware detection, authorization and more.

CASBs enable IT teams to set policy based on an individual user’s web reputation, which is based on the prevalence across the web of that user’s most commonly deployed credentials. This works by asking new employees for their most commonly-used login ID’s so that IT can run a reputation score on them.

While this procedure may sound draconian, it is a necessary precaution given what’s at stake. A password provided by an employee’s IT department likely meets strict requirements, but is easy for the employee to remember. As a result, that employee may often feel more confident using corporate login credentials to register for services online.

When that same password is used as a corporate login and also used for a personal site– one that very likely will or has been hacked, that poses huge risk for businesses. Knowing which login credentials have been reused– and identifying those that may have been compromised– is a crucial step for IT departments.

It’s about more than just changing passwords. An outsider using an employee’s compromised credentials will look like an insider unless extra intelligence is gathered. Unusual behavior and abnormal usage patterns alert security teams to suspicious circumstances, but only if they have the necessary tools in place for visibility and control of employee behavior, such as a CASB. Surgical visibility and control, and robust data analytics are crucially important as they will help differentiate between employees and bad actors.

Organizations should use policy and training to coach staff so that they can use secure cloud services without impacting productivity or security. One powerful example would be a policy which would effectively triage uploaded data into the most suitable cloud storage app – Box, Dropbox, Egnyte, OneDrive, etc. – based on the required security level dictated by the nature of the data.

In this case, the decision of which app or service to use is taken out of the employee’s hands. When policy is applied in this way, even if a consumer-grade cloud service were to be breached, the organization can be sure that no critical data will be compromised.

While organizations can’t completely control their users’ credentials across the entire web, what they can do is enact practical measures to ensure smart usage, and seek and block out hackers. This would ensure that credentials that are compromised during a data breach will not come back and haunt them somewhere down the line.

Having granular visibility into both sanctioned and unsanctioned cloud services in a cloud environment is key: with a complete 360-degree view into how services are being used and how best to secure the data within them, employees will be able to work most effectively in the cloud, while ensuring the safety of precious company data.

(https://www.infosecurity-magazine.com/opinions/employees-compromised-credentials/)