What is an account compromise?
Any account that is accessed by anyone not authorized to access the account is a compromised account. Weak passwords are one of the main reasons for account compromises; however, cyberattackers can sometimes use sophisticated tools to compromise accounts with stronger passwords. Password spray attacks, brute-force attacks, and pass-the-hash attacks are some of the ways attackers can gain unauthorized access to an account.
How to prevent account compromise
To prevent account compromise:
- Set a strong password policy that takes into account password complexity and password expiration times.
- Monitor all access and logons to critical servers, databases, and service accounts.
- Enforce multi-factor authentication.
- Put a process of least privilege and Zero Trust in place.
- Look for anomalies in time, count, and pattern in the behavior of users and entities.
- Implement a system of risk scoring that looks for the tell-tale signs of an account compromise.
