The Securities and Exchange Commission recently warned SEC registrants, including broker-dealers, investment advisers and investment companies of a rise in credential stuffing attacks. Today’s columnist, Jen Lau of Auth0, offers five tips for protecting against credential stuffing. (Credit: CC BY-NC-SA 2.0)

When it comes to cyberattacks, where there’s a will there’s a way. What started out as hackers guessing account usernames and passwords — a tedious and ineffective approach — has morphed into a widespread, low-cost, and highly-sophisticated attack process that can cause serious damage.

While certain security practices and products have evolved to proactively prevent and mitigate malicious attacks, many organizations still struggle to protect themselves against cyber threats, particularly against automated attacks such as credential stuffing. Our research found that more than 80 percent of companies find credential stuffing difficult to detect, fix, or remediate, which results in an average of more than $6 million a year in costs per company, and can cause a significant impact on IT resources, account takeovers, and lost brand reputation.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.