I've seen some experts advise taking the time to review credential dumps following high-profile incidents to see if users/usernames or corporate email addresses are included. What's your take? On one hand, it seems like a lot of work, yet on the other hand, I know attackers often use stolen credentials from one source to perpetrate targeted attacks against a user's other accounts.
This is actually a simple answer. As the custodian of your workers' and/or customers' identities, you are responsible for doing everything in your power to ensure you are adequately protecting their information.
Unfortunately, large numbers of incidents of breached user information are occurring on a regular basis. And when these breaches occur, the breached organizations are generally unaware that identity information was stolen until a third-party investigator, or a consumer who's had his identity information used in an unauthorized manner, approaches the company about the possibility of the leaked information. If an identity dump is made available, and a cursory search identifies information that may be related to the organization's identity files, then yes, prioritize a work team to do a deep dive on the information looking for stolen information, regardless of how much work it may take.
Be aware the dump may actually be an attempt by a malcontent to inject malware into an unwitting organization by infecting the dump file. Ensure analyzing such a file happens on a well-protected system, preferably not on your enterprise network, and consider potentially wiping it upon completion of the analysis. Better safe than sorry.
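The cursory search described above, as an added example that is not part of the original answer: the dump is read as raw bytes with a per-line size limit, only addresses at the organization's domains are kept, and the credential column is never stored. The domain set, the size limit and the sample records are assumptions constructed for illustration.

```python
import io
import re
from collections import Counter

ORG_DOMAINS = {"example.com", "corp.example.com"}  # assumed; use your own domains
MAX_LINE = 4096  # oversized lines are skipped, never buffered whole
EMAIL_RE = re.compile(rb"([A-Za-z0-9._%+-]{1,64})@([A-Za-z0-9.-]{1,253})")

# Constructed sample records, not taken from any real dump.
SAMPLE = (
    b"alice@example.com:hunter2\n"
    b"Bob@Corp.Example.com;not-a-real-hash\n"
    b"carol@example.com.evil.test:pw\n"      # look-alike domain, must not match
    b"alice@EXAMPLE.com\tother\n"            # duplicate of the first address
    b"mallory@elsewhere.test:pw\n"
    + b"A" * 10000 + b"\n"                   # hostile oversized line
    b"\xff\xfe binary junk dave@example.com\n"
)


def scan_dump(stream, org_domains=ORG_DOMAINS):
    """Read a dump as raw bytes; return (addresses, per-domain counts, skipped).

    Only addresses are kept. Whatever follows them (password, hash) is dropped,
    so the result can leave the analysis host without carrying secrets.
    """
    wanted = {d.lower().encode("ascii") for d in org_domains}
    found, counts, skipped = set(), Counter(), 0
    while True:
        line = stream.readline(MAX_LINE + 1)
        if not line:
            break
        if len(line) > MAX_LINE and not line.endswith(b"\n"):
            skipped += 1
            while line and not line.endswith(b"\n"):  # drain the rest of the line
                line = stream.readline(MAX_LINE)
            continue
        for local, domain in EMAIL_RE.findall(line):
            domain = domain.lower().rstrip(b".")
            addr = (local.lower() + b"@" + domain).decode("ascii")
            if domain in wanted and addr not in found:
                found.add(addr)
                counts[domain.decode("ascii")] += 1
    return sorted(found), dict(counts), skipped


if __name__ == "__main__":
    addresses, per_domain, skipped = scan_dump(io.BytesIO(SAMPLE))
    print(per_domain, "oversized lines skipped:", skipped)
    for address in addresses:
        print(address)
```

Because every address on a line is matched, a password that itself contains an `@` can produce a false hit; that is acceptable for a first pass whose only job is to decide whether the deep dive is warranted.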