ORLANDO, Fla. — Companies are spending more to protect customer data, cloud platforms and digital operations, but cybersecurity leaders are also being asked a tougher question: Is that spending actually reducing business risk?
That question is becoming more important as hackers increasingly use stolen usernames, passwords and access tokens to get inside company systems.
Instead of breaking in with obvious malware, attackers can log in with real credentials and appear, at least at first, like legitimate users. That can make a cyberattack harder to spot and more costly to stop.
Ajai Paul, a senior cybersecurity leader at Affirm and a member of the Forbes Technology Council, has pointed to identity-based attacks as one reason companies are rethinking how they evaluate managed detection and response programs.
In a published case study on Affirm’s use of Expel MDR, Paul discussed the importance of detection systems that can understand not just that someone logged in, but whether the activity makes sense.
“Detection only works when it understands not just what happened, but whether it should have,” Paul said in previously published comments.
Industry research shows why companies are paying attention. IBM’s 2024 X-Force Threat Intelligence Index found that the use of stolen credentials to access valid accounts surged 71% year over year and represented 30% of incidents X-Force responded to in 2023.
For businesses, a stolen login can create a costly blind spot. A compromised account may give attackers access to customer records, internal messages, financial systems or other sensitive tools.
The longer that activity goes unnoticed, the greater the potential damage. Companies can face downtime, fraud, legal exposure, compliance questions, recovery costs and reputational harm.
That is why speed and context are becoming more important in cybersecurity. A tool that only creates more alerts may not lower risk if security teams cannot quickly tell which alerts matter. A system that helps teams spot suspicious account activity sooner may help limit damage before an incident spreads.
Paul said threat detection needs to move closer to where attackers are operating.
“Threat detection needs to move where the threat surface lives,” Paul said. “Today, that is inside identity systems. And detection only matters if it leads to response.”
As more companies rely on cloud tools, remote workers, contractors and third-party apps, employee accounts have become a major part of business security. A login is not just an IT event. It can be a business risk.