Last updated at Wed, 12 Feb 2020 18:36:01 GMT

Maybe you've heard a few of the key points from this year's oft-cited Verizon Data Breach Investigations Report (VDBIR). (Or maybe you've been meaning to get around to it.)

But if there's only one thing you remember from the report this year, it's this: As of 2014, the most common way an attacker will get in to your organization's network is via compromised user credentials.

Attackers aren't trying to bust the door down or even pick the lock (as much), as they're finding it's increasingly easy to simply up and grab the keys.

While the success rate for stolen credentials might sound low compared to other methods—the VDBIR says 9% of phishing attempts are successful, for example—keep in mind that it takes the compromised credentials of just one single user for an attacker to get in to your network, poke around, get what they're looking for, and get away with the goods. And all this can happen in a matter of minutes or seconds. Meanwhile, it usually takes weeks or months for the average organization to even realize what just happened.

If you'd like to make it harder for attackers to target users at your organization, we've put together a short-and-sweet guide with 10 tips on how to detect users that have been compromised (as well as users that might be acting with malicious intent). And it just so happens that we call this guide (drum roll please): Ten Tips for Detecting Malicious and Compromised Users.

It's a super-quick read, and the 10 tips aren't "Educate your users to stop clicking phishy links!" ten times over, I promise.

You can find our guide, "Ten Tips for Detecting Malicious and Compromised Users," right here.

See how Rapid7 products and services can help you detect attacks leveraging compromised credentials here.

Thanks all!


P.S. I realize probably no one has used the ol' key-in-the-soap trick since the Hardy Boys.