Corporate Account Takeover: How to Stop It Before It Hurts Your Business
Imagine there are always a few people hovering around your house, trying to find their way in. They check the doors, the windows, the garage gate, and whatever other entry they can find. They do this every day and every night, and when you chase them away, others come in their place. It is a relentless and never-ending attempt to break into your house, steal whatever you have, and break whatever they can’t take.
It’s a scary scenario, and it is exactly what is happening to your business online. Hackers, fraudsters, and cyber thieves are constantly probing for a way in. Any weakness in your digital defenses will eventually be found and used for corporate account takeover and digital fraud. This article will help you tighten those defenses so that a corporate account takeover becomes far less likely.
What is corporate account takeover & who is a target?
Corporate account takeover (CATO) is a type of fraud where cybercriminals gain unauthorized access to any kind of account associated with a business instead of an individual, whether that’s a corporate email account, user account, social media account, or bank account. Cybercriminals gain access using a wide variety of techniques, from phishing to malware to social engineering. No industry is safe from this, although it’s particularly prominent in the finance, retail, and healthcare industries.
How much does CATO cost business?
Account takeover is a rising threat for businesses. According to Javelin’s 2022 Identity Fraud Study, ATOs almost doubled from 2020 to 2021. CATO is a costly and damaging experience for a business because it leads to:
- Direct financial losses if a hacker gains access to a business’s financial accounts and succeeds in transferring funds. If you’re not quick to notice, these funds are often impossible to recover.
- Legal and regulatory fees if a hacker gains access to user accounts or causes your business to lose sensitive user data. Frameworks such as GDPR and CCPA impose fines that can quickly become millions of dollars or euros.
- Reputational damage if a hacker gains access to user accounts or social media accounts. Customers will think twice before buying from you again when they know you’ve been hacked. It takes a long time to build customer trust, but you can lose it all with one CATO incident.
- Operational disruption because your employees will need to mitigate the damage and spend time replying to worried customers, investigating the breach, and creating a procedure so it never happens again.
Common Indicators of CATO
While there are many ways cyber thieves gain control of a corporate account, here are a few common indicators that something is afoot:
- Social engineering attempts: A wave of suspicious emails, text messages, or phone calls to your employees asking for credentials, payment details, or other sensitive information often means attackers are laying the groundwork for a corporate account takeover.
- Unusual network or login activity: Attackers rely on automated tooling to probe your defenses. A sudden surge of traffic from many unfamiliar IP addresses, especially failed login attempts spread across many different usernames, is a common sign of credential stuffing, one of the main routes to CATO.
- Unexpected password resets: Any notification that a business password or MFA method has been changed or reset should be taken very seriously. If no employee did it, you are almost certainly looking at a CATO attempt in progress.
- Changes to account information: Sometimes the first changes are subtle: a new recovery email address or phone number, a changed mailing address, a new login method or MFA device. These are often the attacker preparing to lock you out, so you may have very little time before the password changes too.
- Unauthorized transactions: Any unauthorized transactions or unusual financial activity should be an immediate red flag for a business. If not explained rapidly, a hacker may be on the run with your money.
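The first three indicators above can be spotted mechanically in authentication logs. The following is an added example, not code from the original article or from any vendor: it parses a small constructed log and flags credential stuffing (one IP failing against many usernames), distributed brute force (one username failing from many IPs), and password resets coming from an IP the account has never successfully logged in from. The log format, field names, and thresholds are assumptions chosen for the example.

```python
"""Detect three CATO indicators in authentication logs (added example).

The log line format, the event names, and the thresholds below are
assumptions for this example, not the schema of any real product.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not taken from any real system.
# Each line: timestamp ip=<addr> user=<name> event=<login_ok|login_failed|password_reset>
SAMPLE_LOG = """\
2024-03-04T10:00:01Z ip=198.51.100.20 user=alice event=login_ok
2024-03-04T10:00:05Z ip=203.0.113.7 user=alice event=login_failed
2024-03-04T10:00:06Z ip=203.0.113.7 user=bob event=login_failed
2024-03-04T10:00:07Z ip=203.0.113.7 user=carol event=login_failed
2024-03-04T10:00:08Z ip=203.0.113.7 user=dave event=login_failed
2024-03-04T10:00:09Z ip=203.0.113.7 user=erin event=login_failed
2024-03-04T10:00:10Z ip=203.0.113.7 user=frank event=login_failed
2024-03-04T10:01:00Z ip=192.0.2.1 user=bob event=login_failed
2024-03-04T10:01:30Z ip=192.0.2.2 user=bob event=login_failed
2024-03-04T10:02:00Z ip=192.0.2.3 user=bob event=login_failed
2024-03-04T10:02:30Z ip=192.0.2.4 user=bob event=login_ok
2024-03-04T10:07:00Z ip=203.0.113.7 user=carol event=password_reset
2024-03-04T10:08:00Z ip=198.51.100.20 user=alice event=password_reset
2024-03-04T10:30:00Z ip=198.51.100.21 user=grace event=login_failed
2024-03-04T10:30:05Z ip=198.51.100.21 user=grace event=login_ok
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$")


def parse_log(text):
    """Parse log lines into dicts with a real datetime, sorted chronologically.
    Malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda e: e["ts"])
    return events


def _failed_burst(events, group_key, counted_key, window, threshold):
    """Group failed logins by group_key and flag any group where at least
    `threshold` distinct counted_key values appear inside a `window`-long span.
    Returns {group value: set of distinct counted values in the burst}."""
    groups = defaultdict(list)
    for e in events:
        if e["event"] == "login_failed":
            groups[e[group_key]].append(e)  # preserves chronological order
    flagged = {}
    for key, evs in groups.items():
        for i, start in enumerate(evs):
            in_window = {e[counted_key] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(in_window) >= threshold:
                flagged[key] = in_window
                break
    return flagged


def find_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """One source IP trying many different usernames in a short time."""
    return _failed_burst(events, "ip", "user", window, min_users)


def find_distributed_bruteforce(events, window=timedelta(minutes=5), min_ips=4):
    """One username attacked from many different IPs in a short time."""
    return _failed_burst(events, "user", "ip", window, min_ips)


def find_suspicious_resets(events):
    """Password resets from an IP that never had a successful login for that
    account earlier in the log. Heuristic chosen for this example; a real
    system would also consider device, geography, and recovery-channel changes."""
    known_ips = defaultdict(set)
    flagged = []
    for e in events:  # chronological, so only earlier successes count
        if e["event"] == "login_ok":
            known_ips[e["user"]].add(e["ip"])
        elif e["event"] == "password_reset" and e["ip"] not in known_ips[e["user"]]:
            flagged.append((e["user"], e["ip"]))
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("credential stuffing by IP:", find_credential_stuffing(evs))
    print("distributed brute force by user:", find_distributed_bruteforce(evs))
    print("resets from unknown IPs:", find_suspicious_resets(evs))
```

Run against the sample, the stuffing check flags 203.0.113.7 (six usernames in five seconds), the distributed check flags bob (four IPs in under two minutes, with the attacker succeeding on the fourth), and the reset check flags carol's reset from the stuffing IP while leaving alice's reset from her usual address alone. The thresholds are deliberately low to suit the tiny sample; tune them to your real baseline before alerting on them.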
What leads to CATO?
Because corporate account takeover is an umbrella term that covers unauthorized entries into all kinds of corporate accounts, there are many things that can lead to them. Still, here is a list of the things that make your business vulnerable and the life of a hacker much easier:
- Weak passwords: Short, generic, or easily guessable passwords (password, admin, 12345, qwerty) on any account will eventually cause problems. Attackers use automated tools that run through lists of common passwords and previously leaked credentials, so weak or reused passwords are broken quickly.
- Lack of multi-factor authentication (MFA): Even if an account has a weak password, protecting it with MFA immediately makes it much harder for a hacker to break in. Without it, a single stolen or guessed password is all an attacker needs.
- Phishing attacks: An employee receives a message that appears to come from a senior executive or a trusted vendor, asking for credentials, a payment, or other sensitive information, or linking to a convincing copy of a login page. The employee obliges. Behind the message is an attacker who has just hit the jackpot.
- Malware infections: Keyloggers capture passwords as they are typed, information stealers harvest saved credentials and session cookies from the browser, and remote access Trojans give the attacker full control of an infected machine. Malware typically gets in through unpatched software, phishing attachments, or misconfigured systems, and once inside it hands the attacker the keys to your accounts.
- Insecure third-party applications: SaaS tools and integrations connected to your systems, often with broad OAuth permissions or shared API keys, are part of your attack surface. If one of them is compromised or poorly secured, it can give an attacker a path into your accounts.
- Insider threats: A disgruntled employee or a poor offboarding process can lead to the inadvertent or malicious sharing of sensitive information, which can eventually lead to CATO.
5 Ways to Prevent CATO
Because prevention is much better than the cure, protecting your business against CATO requires a proactive approach to account security. Here are five ways to prevent corporate account takeover.
1. Strong Passwords and Multi-Factor Authentication
Strong passwords and MFA are the foundation of preventing corporate account takeover. A strong password is long (a passphrase of several unrelated words is easier to remember than a short jumble of symbols), unique to the account, and kept in a password manager rather than reused or written down. Change a password whenever you have reason to think it has been exposed, rather than on a fixed schedule: forced periodic rotation tends to produce weaker, predictable variants, and current NIST guidance (SP 800-63B) no longer recommends it.
MFA is an extra security layer behind a strong password: even a stolen or guessed password is not enough on its own. Not all MFA is equal, though. SMS codes are the weakest option, because they can be captured through SIM swapping or relayed in real time by a phishing page. Authenticator apps are better, and phishing-resistant methods such as FIDO2/WebAuthn security keys or device-bound biometrics are the strongest choice for the accounts that control money or administration.
2. CATO Detection Software
No hacker has the time to manually search for CATO targets and the weaknesses in their defenses; they use bots to find and attack companies. These bots come in all forms and do much more than just break into your accounts. They can also scrape your content, overload your website, drain your ad budget with fraudulent clicks, and worse.
CATO detection software offers account takeover prevention by detecting and blocking unauthorized bots. It lets through the few bots you allow (like the Googlebot) while blocking all the other ones. Because CATO detection software runs on autopilot, it is a time- and cost-effective way to cut hackers short before they can do any damage.
3. Employee Training & Education
Bots aren’t the only way hackers will try to break into corporate accounts. They’ll also try to trick employees into giving away sensitive information. Phishing and social engineering attacks are why employee training and education are important elements for preventing CATO attacks.
Such training and education should cover how to spot phishing emails and fake websites, and should keep employees up to date on the latest security threats and best practices (such as always using a password manager and connecting through a VPN on public networks when working remotely). Employee security training should be held regularly, approximately once every six months.
4. Secure Third-Party Applications
No business is entirely self-sufficient. Almost every business relies to some degree on third-party applications, which poses a security risk. If these third-party applications aren’t secured properly, they can provide hackers with a way into your accounts and the sensitive information they carry.
To prevent this, you should review every new application’s security posture and the permissions or data access it asks for, grant only what it needs, and consider whether you really need the application in the first place. Once you connect the application, ensure it is always kept up to date with the latest patches. Additionally, monitor the application and its integration for suspicious activity or signs of a potential CATO attack.
5. Good Access Controls
Not all employees need access to all accounts. To limit the threat of employees inadvertently or maliciously sharing sensitive account information, you need access controls that only give account access to the right people at the right time, as determined by their job function.
Because people frequently change roles in a business or leave it altogether, you should review access regularly and revoke anything that no longer matches a current job function, both as part of every offboarding and role change and on a fixed schedule. Keep your access controls in line with current best practices and any compliance requirements you have to meet.
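An access review of the kind described in this section is a comparison between what people are entitled to by role and what they actually hold. The following is an added example, not code from the original article: the roles, roster, and grant snapshot are constructed, and the entitlement model (one role per person, a fixed set of accounts per role) is an assumption for the example. It flags grants belonging to people no longer on the roster (missed offboarding) and grants that exceed a person's current role, and shows how a role change turns previously legitimate grants into excess ones.

```python
"""Role-based access review (added example; all data constructed)."""
from collections import defaultdict
from dataclasses import dataclass

# Role -> accounts that role may hold. Least privilege: only what the job needs.
# Constructed for the example, not a real policy.
ROLE_ENTITLEMENTS = {
    "finance": {"bank-portal", "payroll", "email"},
    "marketing": {"social-media", "cms", "email"},
    "engineer": {"cloud-console", "source-control", "email"},
}

# Constructed HR roster: who currently works here and in which role.
ROSTER = {
    "alice": "finance",
    "bob": "marketing",
    "carol": "engineer",
}

# Constructed snapshot of grants as pulled from the systems themselves: (user, account).
CURRENT_GRANTS = [
    ("alice", "bank-portal"), ("alice", "payroll"), ("alice", "email"),
    ("bob", "social-media"), ("bob", "cms"), ("bob", "email"),
    ("bob", "bank-portal"),                      # left over from covering for finance
    ("carol", "cloud-console"), ("carol", "source-control"), ("carol", "email"),
    ("dave", "bank-portal"), ("dave", "email"),  # dave left; offboarding missed these
]


@dataclass
class ReviewResult:
    orphaned: list  # grants held by people who are no longer on the roster
    excess: list    # grants beyond what the holder's current role allows


def review_access(roster, role_entitlements, grants):
    """Compare actual grants against role entitlements.

    A grant is orphaned if its user is not on the roster (should be revoked
    immediately) and excess if the user's role does not include that account.
    Results are sorted so they are stable for reporting and testing.
    """
    orphaned, excess = [], []
    for user, account in grants:
        role = roster.get(user)
        if role is None:
            orphaned.append((user, account))
        elif account not in role_entitlements.get(role, set()):
            excess.append((user, account))
    return ReviewResult(sorted(orphaned), sorted(excess))


def revocations(result):
    """Everything the reviewer should revoke, orphaned grants first."""
    return result.orphaned + result.excess


def apply_revocations(grants, to_revoke):
    """Return the grant list with the revoked entries removed."""
    revoked = set(to_revoke)
    return [g for g in grants if g not in revoked]


if __name__ == "__main__":
    result = review_access(ROSTER, ROLE_ENTITLEMENTS, CURRENT_GRANTS)
    print("orphaned:", result.orphaned)
    print("excess:  ", result.excess)
    # A role change is exactly the moment a review is needed: move bob to finance
    # and his marketing grants become excess while bank-portal becomes legitimate.
    moved = dict(ROSTER, bob="finance")
    print("after bob moves to finance:", review_access(moved, ROLE_ENTITLEMENTS, CURRENT_GRANTS).excess)
```

The review runs against a snapshot pulled from the systems themselves rather than from a spreadsheet of what people were supposed to have; the whole point of the exercise is to catch the cases where the two have drifted apart.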
What to Do If Your Business Is a Victim of CATO
An incident response plan will guide you through a CATO attack. What such a plan looks like will differ from business to business, but in general it will outline how you should respond, what steps you should take to contain the threat, who you should notify, and when you should notify them.
But if you don’t have an incident response plan and you’re reading this article to understand what to do right now: contact the company or financial institution behind the account that has been broken into and ask them to freeze it immediately, so the hacker cannot take any further action. Then make sure the attacker cannot walk straight back in: reset the password from a clean device, revoke all active sessions, and remove any MFA devices, recovery email addresses, or phone numbers you do not recognize.
Once you have regained control of the account, notify the affected parties, work out how the attacker got in, and fix that weakness so the same thing cannot happen again.
Protect Your Business Against Corporate Account Takeover with DataDome
DataDome is account takeover prevention software that stops all malicious bots from accessing your websites, mobile apps, and APIs. It immediately recognizes and stops the threats that these bots bring, which typically range from corporate account takeovers to scraping attacks to DDoS attacks.
DataDome takes only minutes to install and fits nicely into your existing technical architecture. It runs on autopilot, although you can set up rules, allow-lists, and block-lists to customize it to your specific needs. If you’d like to learn more, book a demo or sign up for DataDome’s free 30-day trial today.