So, if an attacker finds your Gmail password and you happen to use the same credentials for your Netflix account, they’ll be able to log in to your Netflix account as well. Media, gaming and entertainment companies saw 11.6 billion such attacks in the second half of 2018 alone, and up to 200 million attacks against sites in the video media sector alone.
Meanwhile, the overall figures may understate the extent of the problem in industries in which email addresses are not used as user IDs, notably the financial industry.
Earlier this year, five caches of login credentials were discovered floating around the internet; between them, they contained 2.2 billion purloined login details.
Such credential stuffing attacks can have an even more serious impact in a business and enterprise context. If members of your organization use the same set of credentials for their personal and professional accounts, your organizational network and critical business data might be at risk. You can protect yourself from credential stuffing by adopting certain best practices as well as technological tools.
To prevent credential stuffing, the simplest countermeasure is to educate your employees on using different passwords for all their accounts. They must be especially taught to differentiate their work and personal account credentials to minimize the risk to critical enterprise data, which can have severe implications for the entire business.
However, you cannot be assured that all your employees will adopt healthy password management practices, at least not in the short term. Thus, you need to adopt multi-factor authentication for protecting your business applications, which will lower the chances of attackers gaining entry to your enterprise network. That’s because multi-factor authentication minimizes the dependence on login credentials, which makes your network security more robust.
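The following added example (not part of the original article) shows, from the login server's side, why a reused password alone is no longer enough once a second factor is required. It assumes a time-based one-time password (RFC 6238 TOTP) as the second factor; the account, salt, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash as stored by the login server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account. The TOTP secret is the RFC 4226/6238 test key;
# a real deployment generates a random secret per user at enrollment.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hash_password("Summer2018!", SALT),
    "totp_secret": b"12345678901234567890",
}


def login(password: str, otp, now: float, require_mfa: bool) -> bool:
    """Return True only if every factor the policy requires checks out."""
    if not hmac.compare_digest(hash_password(password, SALT), USER["pw_hash"]):
        return False
    if not require_mfa:
        return True  # password-only policy: a reused, leaked password is enough
    if otp is None:
        return False  # correct password, but no second factor presented
    # Accept the current and the previous time step to tolerate clock skew.
    return any(
        hmac.compare_digest(otp.encode(), totp(USER["totp_secret"], now - skew).encode())
        for skew in (0, 30)
    )


if __name__ == "__main__":
    leaked = "Summer2018!"  # same password the user set on a breached site
    print("password only :", login(leaked, None, 59, require_mfa=False))
    print("MFA, no code  :", login(leaked, None, 59, require_mfa=True))
    print("MFA, with code:", login(leaked, totp(USER["totp_secret"], 59), 59, True))
```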
While many cyber attacks are caused by a failure in cybersecurity systems, most of them -- such as credential stuffing -- are caused by the carelessness of employees. Using a firewall solution that also offers 2-factor authentication will guarantee that even if your employees’ passwords are compromised due to their negligence, attackers still won’t be able to access your enterprise network. That way, you’ll have a cybersecurity system in place that is resistant to both technological failure and human flaws, all in a single, easy-to-manage package.