There are many critical risks to organizations impacted by credential theft, from financial losses to data theft. Stolen employee credentials can be sold on the black market to cyber criminals looking for new targets. Criminals can then use those purchased credentials to compromise business networks of their choice.
Potential security events associated with credential theft include unauthorized access to endpoints and/or servers, which may result in fraudulent payments being initiated or data theft — including credentials and proprietary company and customer information. Or they can lead to malware infection, such as ransomware that locks users out of computers, encrypts files and holds those computers and files hostage until a heavy ransom is paid.
If a business experiences a credential security incident, several adverse outcomes beyond data theft, malware infection and financial losses may follow. News of the compromise can cause reputational harm, which damages customer, vendor, investor and shareholder trust. This often leads to lost business and lost profit. In addition, responding to the incident and remediating impacted systems can result in lost productivity and operational delays.
Criminals can also use stolen credentials to gain access to high-level targets, such as executives, finance/accounting departments and human resources. Infiltrating their communications, applications and devices enables access to sensitive data like upcoming mergers and acquisitions, product roadmaps, and employee health, salary and performance information. Criminals could then threaten to publish data or use it in other extortion schemes.