Not every cybersecurity incident relies on sophisticated techniques; many begin when an attacker obtains legitimate credentials used on a computer network. Abuse of authorized access (credential-based breaches) is one of the hardest threats to detect and prevent in the enterprise today.
Credential-based breaches are difficult to identify because they look like regular activity. When an intruder logs into a system with a valid username and password, their activity blends in with that of legitimate users. Security systems therefore have a harder time detecting authorized-access abuse than other forms of intrusion, such as conventional hacking, because a login with valid credentials looks like normal system activity and does not trigger an alarm.
An example of this growing concern is the DocketWise data breach, in which an attacker used compromised third-party partner credentials to gain access to DocketWise's files. Rather than exploiting a traditional technical vulnerability in DocketWise's network, the attacker used existing, legitimate access paths into that network to reach sensitive files. This highlights a significant weakness in modern digital ecosystems.
Access credentials can be compromised in many ways. An attacker may obtain them through phishing (impersonating a trusted party to trick a user into revealing credentials), through poor password practices (weak passwords, or the same password reused across multiple accounts), or through a breach of a third-party vendor's network. Once the attacker holds those credentials, access to the organization's systems can follow immediately.
Law firms that rely on legal technology are at even greater risk from credential compromise. The software systems used by law firms hold extensive details about each client, such as personal identification, financial data, and case details. Consequently, when an attacker gains access to a law firm's systems, the harm may extend beyond an individual client and significantly affect the entire legal process.
The DocketWise data breach clearly illustrates how dependent modern software has become on third-party integrations. Most software products rely on third-party partners for data sharing, storage, or processing. While these integrations make a product more capable and efficient, they also add points of vulnerability: a security issue in one partner's environment can cascade to every product connected to that partner.
Delayed discovery of credential-based breaches is another major challenge. Because the access appears normal, organisations may take longer to recognise unusual behaviour, which gives attackers time to move through systems, access files, and steal data before anyone stops them.
When a breach involves the misuse of credentials, it poses an even greater risk to individuals' personal information, including Social Security numbers, financial information, and identification documents. Attackers can use such data to commit identity theft or fraud, or to gain unauthorised access to accounts. And when the login credentials themselves are exploited, every other account where the same credentials were reused is put at risk as well.
Preventing this type of breach requires a change in security approach. Organizations must go beyond passwords and add further layers of security, such as multi-factor authentication, continuous monitoring, and anomaly detection. Limiting each employee's access to what their job duties require, and regularly reassessing those access levels, can greatly reduce exposure.
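As an added illustration of the continuous monitoring and anomaly detection mentioned above (example code written for this article, not from DocketWise or any vendor), the script below builds a per-account baseline from constructed access-log events and flags later logins that succeed with valid credentials but deviate from it: a new source address, off-hours activity, or bulk file access, the kind of trace a misused partner account leaves. The account names, IP addresses, and thresholds are assumed sample values.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data): timestamp, account, source_ip, action, objects_touched
EVENTS = [
    ("2024-05-01T09:12:00", "partner-sync", "203.0.113.10", "file_read", 12),
    ("2024-05-02T09:15:00", "partner-sync", "203.0.113.10", "file_read", 15),
    ("2024-05-03T09:10:00", "partner-sync", "203.0.113.10", "file_read", 11),
    ("2024-05-01T10:00:00", "jsmith", "192.0.2.5", "file_read", 8),
    ("2024-05-02T10:30:00", "jsmith", "192.0.2.5", "file_read", 6),
    ("2024-05-03T11:00:00", "jsmith", "192.0.2.6", "file_read", 7),
    # Events after the training window: one blends in, two deviate from the baseline.
    ("2024-05-04T02:47:00", "partner-sync", "198.51.100.77", "file_read", 940),
    ("2024-05-04T11:30:00", "jsmith", "192.0.2.5", "file_read", 9),
    ("2024-05-05T10:15:00", "jsmith", "192.0.2.9", "file_read", 9),
]

def build_baseline(events):
    """Per account: source IPs seen, hours of day seen, objects touched per session."""
    base = defaultdict(lambda: {"ips": set(), "hours": set(), "counts": []})
    for ts, acct, ip, _action, n in events:
        b = base[acct]
        b["ips"].add(ip)
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["counts"].append(n)
    return base

def detect_anomalies(events, cutoff, hour_slack=2, volume_factor=5):
    """Learn a baseline from events before `cutoff`, then score the later ones.
    Returns [(account, timestamp, [reasons])] for valid but out-of-character access."""
    cutoff_dt = datetime.fromisoformat(cutoff)
    baseline = build_baseline(e for e in events if datetime.fromisoformat(e[0]) < cutoff_dt)
    findings = []
    for ts, acct, ip, _action, n in events:
        dt = datetime.fromisoformat(ts)
        if dt < cutoff_dt:
            continue  # training data, not scored
        b = baseline.get(acct)
        reasons = []
        if b is None:
            reasons.append("account never seen in baseline")
        else:
            if ip not in b["ips"]:
                reasons.append(f"new source ip {ip}")
            if all(abs(dt.hour - h) > hour_slack for h in b["hours"]):
                reasons.append(f"off-hours activity at {dt.hour:02d}:00")
            mean = sum(b["counts"]) / len(b["counts"])
            if n > volume_factor * mean:
                reasons.append(f"bulk access: {n} objects vs mean {mean:.1f}")
        if reasons:
            findings.append((acct, ts, reasons))
    return findings
```

On the sample data, the partner account's 02:47 session from an unseen address touching 940 objects is flagged on all three counts, while the employee's login from a new address during normal hours is reported with a single, lower-severity reason.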
Users can materially improve their own security through good password management: creating unique passwords and enabling any additional security measures offered to them. Staying alert to phishing attempts and suspicious communications also helps.
As digital systems become more interconnected, the boundary between authorized and unauthorized access becomes harder to discern. Recent incidents such as the DocketWise compromise show that the biggest risk is often not breaking in but simply being able to log in. Preventing these risks will depend on improving how credentials are managed and monitored in an increasingly interconnected environment.
