EXECUTIVE SUMMARY:

A corporate account takeover can present significant risks to and have far-reaching consequences for any organization. It can drive severe financial losses, reputational harm and operational instability, among other issues.

When it comes to corporate account takeover attacks, cyber criminals commonly target entities that conduct electronic financial transactions. Or, they look for organizations that clearly have available financial resources, valuables and/or intellectual property secrets.

“Typically, what will happen is, there’ll be an attacker that’s usually part of a pretty well-funded criminal enterprise overseas who will send someone a convincing looking text message, or an email, or a phishing link that they’ll hope that the recipient will click on,” says Gil Vega, CISO at Veeam Software.

10 Top Corporate Account Takeover Prevention Strategies

In Q1 of 2023, identity-based attacks, including account compromise, corporate account takeover and long-lived access key theft, made up 57% of all cyber security incidents identified and recorded, according to the Expel Quarterly Threat Report. Leverage the insights below and stop corporate account takeover attacks.

1. Regular security audits and assessments. To stop corporate account takeovers, conduct frequent security audits and vulnerability assessments. In so doing, you’ll isolate weaknesses in account security. If you quickly address vulnerabilities by applying patches and updates as needed, attackers will have fewer opportunities than otherwise to exploit system weaknesses.

2. Zero trust architecture. Go all-in on a zero trust approach, where no user or device is inherently trusted. Implement strict access controls, continuous authentication and micro-segmentation. The latter will limit lateral movement across a network, reducing the likelihood of a successful account takeover.

3. Multi-factor authentication. Cyber criminals can crack passwords at lightning speed, but it’s tough for them to put passwords to the test if multi-factor authentication is enabled. If you’re “allergic” to multi-factor authentication and are averse to its implementation, see CyberTalk.org’s 7 Reasons to Use Multi-Factor Authentication

Notably, cyber adversaries are growing increasingly competent when it comes to creating web pages that look identical to corporate login screens. In turn, this enables criminals to dupe people into divulging their MFA credentials. Organizations may want to enhance MFA with advanced password protocols, such as Fido keys.

4. Contextual access management policies. The risk of corporate account takeovers is significantly reduced with contextual access management policies. Contextual access management policies further protect user accounts from unauthorized access by considering factors beyond credentials.

Contextual access management policies can request for users to provide additional authentication factors. Alternatively, if an access attempt is logically implausible or derives from an unproven device, a contextual access management policy may deny authentication altogether.

5. Employee education and training. “Human firewalls” play a critical role in preventing corporate account takeovers. Cyber security leaders need to ensure that employees receive the right messages and know what to look for when it comes to malicious content. Do your employees realize the importance of scrutinizing the sender’s email address and hovering over a URL to examine it ahead of clicking?

6. Defense-in-depth. It’s probably inherently evident based on what we’ve said already, but it’s worth clearly articulating — Organizations need to deploy layers of prevention and defense mechanisms. These include vulnerability management protocols, network segmentation, email/web filtering, intrusion detection and monitoring, third-party risk management and comprehensive incident response.

7. High-quality security monitoring. Ensure that your organization either has 24/7 in-house monitoring systems or that you employ an MSSP to continuously monitor alerts. Security teams report that travel-type alerts are common in relation to corporate account takeover attempts. These alerts often flag a single login in one location and a duplicate login in a location half-way across the world.

8. Behavioral analytics. Leverage behavioral analytics to establish what normal user behavior looks like (baseline). Once a User Entity and Behavior Analytics (UEBA) solution has a clear ‘understanding’ of how an organization’s systems typically operate, it can identify deviations that may indicate threats.

For example, a UEBA solution can raise an alert when a user account unexpectedly starts requesting access to unusual systems and tries to explore the network. Although the change in activity could be harmless and point to new responsibilities recently conferred upon an employee, it could also indicate user credential compromise.

9. An incident response plan. Create a comprehensive incident response plan. Include steps that security staff need to follow in the event of a corporate account takeover. Think communications protocols, isolation procedures and a process for recovering compromised accounts.

10. Vendor and third-party risk management. Your security measures should extend to vendors and third-party entities who retain access to your systems. Require them to adhere to security standards. Regularly review their security practices and provide education around your recommended best practices, as applicable.

The strategies outlined above can increase resilience amidst waves of corporate account takeover attempts.

For additional actionable cyber security insights, please see CyberTalk.org’s past coverage. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.