Most people still use single-factor authentication to identify themselves (a pretty big no-no in the cybersecurity space). And while stricter password requirements are starting to be enforced (like character length, a combination of symbols and numbers, and renewal intervals), end users still repeat credentials across accounts, platforms and applications, and fail to update them periodically. This habit makes it easier for adversaries to access a user’s account, and a number of today’s breaches are thanks to credential harvesting campaigns.
Detecting compromised accounts is straightforward enough. Does your SOC monitor breach reports for recent breach disclosures? Does your SOC track failed logins followed by a successful login?
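The second check (failed logins followed by a successful login) can be written as a small detection rule. This is an added example, not part of the original article: the event format, the threshold of five failures and the ten-minute window are assumptions, and the log entries are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, source IP, outcome). Not real logs.
SAMPLE_EVENTS = (
    [(f"2024-05-01T09:00:{s:02d}", "alice", "203.0.113.7", "FAIL") for s in range(0, 50, 10)]
    + [("2024-05-01T09:01:30", "alice", "203.0.113.7", "SUCCESS"),
       ("2024-05-01T09:02:00", "bob", "198.51.100.4", "FAIL"),      # single mistyped password
       ("2024-05-01T09:02:20", "bob", "198.51.100.4", "SUCCESS")]
    + [(f"2024-05-01T07:00:{s:02d}", "carol", "192.0.2.9", "FAIL") for s in range(0, 50, 10)]
    + [("2024-05-01T09:30:00", "carol", "192.0.2.9", "SUCCESS")]    # long after the failures
)


def detect_fail_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a user's successful login follows at least `threshold`
    failed logins inside `window`. Both values are assumed defaults to tune."""
    failures = defaultdict(deque)  # user -> deque of (time, source IP)
    alerts = []
    # Same-format ISO timestamps sort chronologically as strings.
    for ts, user, ip, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        recent = failures[user]
        # Drop failures that have aged out of the sliding window.
        while recent and now - recent[0][0] > window:
            recent.popleft()
        if outcome == "FAIL":
            recent.append((now, ip))
        elif outcome == "SUCCESS":
            if len(recent) >= threshold:
                alerts.append({
                    "user": user,
                    "time": ts,
                    "success_ip": ip,
                    "failed_attempts": len(recent),
                    "failure_ips": sorted({src for _, src in recent}),
                })
            recent.clear()  # a success resets the failure streak
    return alerts


if __name__ == "__main__":
    for alert in detect_fail_then_success(SAMPLE_EVENTS):
        print(alert)
```

Keying the window on the user rather than the source IP keeps the rule effective when the failed attempts come from several addresses; `failure_ips` is recorded so an analyst can see that spread.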
Defending against compromised credentials should be fairly simple. A good password policy along with sensible user awareness training will go a long way to ensuring credentials will not get compromised. Of course, two-factor authentication is a great solution too.