Platform

Unify HRM Overview

Platform

Capabilities

Identify: HROC Dashboard
Human Risk Quantification (HRI)

Insights

Benchmarking

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report
Report
Measure progress and ROI of action plans

Board and Executive Reporting

Manager Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

January 13, 2023

How to Identify, Prevent, and Remediate Account Takeovers

Have you ever received an email alert on a login attempt you didn’t request? A notification on your phone for a login verification code you definitely didn’t ask for? These are evidence that someone on the other end of that request is trying to gain access to your account. Without the right safeguards in place and the right knowledge of what to do when this happens, your account may be left vulnerable. Fraud detection is critical to ensure that account takeovers are detected and prevented before they can cause damage.

ATO

If it happens for one personal site, an account takeover might just be an inconvenience. But on a larger scale, account takeovers are serious business—and can lead to serious damage. What do you need to know to safeguard yourselves and your organization against account takeovers, and what can you do if one’s already happened? It’s critical to know how account takeovers work in order to protect yourself, and your company, most effectively. Fraud detection is a key component of any account takeover prevention strategy.

What is an Account Takeover?

An account takeover is when a third party gains access to an account when they shouldn’t have access. It could be any kind of account—personal or professional—and any kind of third party, but the greatest risk comes from cybercriminals targeting high-value accounts, such as ones containing financial data, in order to exploit a weakness, gather sensitive data, or operate identity theft schemes. Fraud detection systems can help identify unusual activity on accounts and alert the account owner or appropriate security personnel.

What Happens During the Attack?

During an attack, these cybercriminals might do a variety of things, from stealing important personal information, such as social security numbers, credit card numbers, addresses, and other key data, or even change information to benefit them. They might change the security questions, password, and account recovery information to effectively lock you out of your account. Using your information, they might open a new account, transfer funds, make payments, or place orders for high-value items like TVs, smartphones, and other electronics they can resell to be sent to them.

Whatever they’re doing in your account, they shouldn’t be in there in the first place, but how could all of these actions go unnoticed? Cybercriminals are often prepared for that, too: They turn off notifications before they cause havoc, and before you know what’s going on, it’s already happened.

How Does an ATO Happen?

There are various ways for an attacker to gain access to an account. The example above—sending out password reset requests over and over, or just plain old brute forcing passwords until one of them cracks an account-wide open—is one method.

Another technique, called credential stuffing, is when attackers use an automated program to test massive lists of stolen credentials against a variety of sites. The theory is because so many people reuse their usernames and passwords across multiple sites, they’re likely to get a hit.

Cybercriminals might also use phishing methods to obtain account credentials. Phishing involves sending out cleverly deceptive emails to targets in the hopes that they’ll click on a link, install a virus or keylogger, or otherwise compromise their own account security.

Whatever the method, the end result is the same: They’re in, poking around where they shouldn’t be. As soon as they get what they need, they can use your stolen credentials to do whatever they like with your account. And you might not even know it’s happening before it’s too late, and damage has been done.

Who is at Risk of an Account Takeover Attack?

There are certain risk factors that make you more vulnerable to an account takeover attack, but even if you believe it could never happen to you, you still need to be vigilant. If your username and password are the same on every single site, you’re basically leaving the door wide open for a credential-stuffing attack. But even if your password usage is unique on every single site, human error can still cause tremendous issues. As phishing attacks become both more common and more sophisticated, it’s important to have the knowledge and discernment to avoid being drawn in and exposing your own account to an attack.

The truth is, all companies that have a login portal are vulnerable to an account takeover attack. While there’s a lot you can do on the personal level to protect yourself when it comes to the corporate level, the answer becomes more complex, and risk is amplified. Stolen personal data can definitely ruin your day, and your credit, but stolen data on an organizational level could mean that financial data, private health information, or any number of critical systems become damaged beyond repair.

Account Takeover Prevention

Whether at the personal level, or at the corporate level, the first step to fighting account takeovers is prevention. A user base that is more aware of cybersecurity protocols can help protect the entire organization, and it starts with the right kind of training and engagement. Some of the best practices for preventing account takeovers include:

Password Hygiene

Don’t share passwords. Even if it would be more convenient, or a second person has a very valid reason to use your login information, don’t do it. On the personal level, it may be tempting to give a password out to a relative or friend for some innocuous reason—a relative who wants to order school photos through a photo-printing site, or someone who wants to use your HBO account—but this happens even in companies, too. Bottom line: Don’t do it. Every individual user needs their own account. This reduces the risk of a password getting out somewhere, and getting misused.

Also under the umbrella of good password hygiene is not reusing passwords across multiple accounts. Yes, it may be simpler to remember, but that doesn’t make it a good idea. Your work, Facebook, Netflix, and bank account passwords shouldn’t be the same.

Multi-factor Authentication

Combining a password with a second layer of protection can stop a potential account takeover in its tracks. This might look like adding in security questions that only the user knows, or a code that is sent only to your device. So long as you alone have access to the device and the code, you’re safe. In fact, multi-factor authentication has been shown to be a tremendously effective safeguard against account takeovers.

Security Monitoring + Response

Adding safeguards that monitor and respond to certain threats can also prevent account takeovers. Implementing limits on login attempts, for example, or blocking suspicious traffic or specific patterns of behavior that look like they could be automated can help prevent account takeovers. But in this respect, like for individual user behaviors, adaptation and upkeep are key. It’s just not enough to use one firewall or one type of strategy and leave it at that. Cyberattackers keep changing, and the methods of attack change, too. It’s important for security leaders to continue to monitor and respond to these threats as they change and adapt.

How to Recognize and Remediate an ATO?

Sometimes, an account takeover attack might be unavoidable. All of the best password hygiene in the world can’t prevent a data breach or the purchase of credentials on the dark web. If it happens, though, there’s a lot that you can do.

First, identify the attack. This might mean a continued vigilance of your personal accounts, or a security team that monitors and searches for things like multiple accounts sharing details, device spoofing, or suspicious login attempts.

Next, lock down the account. Change the login details, remove account permissions, or otherwise sequester or safeguard that specific user’s account in a way that means anyone with account access can’t get into the main system itself.

Then, remediate the attack. Scan for malware, review what just happened, and incorporate that analysis back into your overall security protocol. What can be learned from this? What needs to change? What vulnerabilities might have been exposed, and what sensitive information was accessed? What needs to happen differently to prevent this from happening again?

Better Cybersecurity for Your Company

At the end of the day, account takeovers are big business, and preventing them is an ever-evolving challenge. The actions you need to take to identify, prevent, and remediate them for your specific organization are likely going to depend on your organization’s needs. However, there are some things that are true across the board:

It’s better to know than to not know;
It’s better to train and educate than to remain ignorant;
And it’s better to be vigilant than to wait for clean-up.

How do you gather the information you need, inform your user base, and remain vigilant? You do it with a cybersecurity framework that is built to understand human behaviors. That’s what Living Security Unify does: it gives you the essential analysis of the human risk in your organization, so that you can know what actions people are taking (or not taking) and what impact that could have on their risk level for things like account takeovers. It allows you to see who needs to change their behavior and to accurately monitor what impact that training has on real-time behavior change.

Sometimes, account takeovers happen. But for a lot of them, they don’t have to. Know what’s happening before it becomes an incident, and empower your team, and your user base, with a vigilance that puts every single user on the front line of defense against account takeovers.

To learn more about what Living Security can help keep your employees cyber-aware and vigilant, request a demo.