It Only Takes One Compromised Account or Vulnerability to Cause a Data Breach

Cybercriminals only need one compromised account in order to wreak havoc on an organization

UK Parliament

This past week the UK Parliament experienced a brute force cyberattack. Hackers broke a number of weak passwords—compromising the email and potentially other sensitive accounts of Parliament members and staff. The Parliamentary Digital Service stated that “investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts.”

The agency was quick to report that the cybercriminals compromised less than 1% of Parliament’s 9,000 accounts during the 12-hour attack. We are glad to hear that the thieves stole only 90 user credentials (as far as we know), but let’s not forget that a single compromised account can lead to a massive data breach.

I am surprised Parliament isn't using two-factor authentication, which is something that would have removed the problem even in the case of weak passwords… in order to compromise your email account, they also have to compromise your phone, which raises the bar considerably.
— Lastline CTO, Giovanni Vigna | TechNewsWorld

One Compromised Account

Even one stolen account can lead to a disaster—ask anyone who’s had their identity stolen. In a corporate setting, it only takes one password, particularly if it belongs to a privileged user, to start an attack sequence that can lead to the capture of thousands or even millions of user accounts and records. With access to just one device, hackers can plant ransomware, keyloggers, botnets, worms, or many other varieties of malicious code. This malware, now residing on the victim’s device or network will almost always be designed to do two things:

  1. Corrupt or steal data from its host
  2. Infiltrate other systems on the network

The unfortunate reality is that cybercriminals only need to find a single hole in an organization’s defenses. One password, one misconfiguration, one system or application vulnerability, and hackers can infiltrate a network. On the other hand, system defenders must keep every device, system, and application secure, patched and up to date, and plug every potential vulnerability.

This unfair advantage that criminals have over defenders makes it imperative for organizations to use every advanced cybersecurity tool they can get their hands on, and to quickly detect infiltrations when they inevitably do occur.