Digital Shadows, a provider of cyber situational awareness, released its Compromised Credentials research paper. After analyzing 1,000 companies listed on the Forbes Global 2000, the report found that 97 percent of those companies, spanning all businesses sectors and geographical regions, had leaked credentials publicly available online, many of them from third-party breaches. Credentials for over 5.5 million employees of the world’s largest companies have been found online, as large-scale data leaks become the norm according to the report. The top breaches were from social media platforms with LinkedIn, MySpace and Tumblr breaches being responsible for a respective 30 percent, 21 percent and 8 percent of the total credentials.
The report revealed that the most affected country in the Middle East – with over 15,000 leaked credentials was the UAE. Saudi Arabia (3360), Kuwait (203) followed by Qatar (99) made up the rest of the list. This figure is relatively small as compared to the global figure due to the lower percentage of organizations that reside in the Middle East.
In the Middle East, organizations in the Technology industry were far more exposed than any other, dwarfing Financial Services, Oil & Gas and Chemicals.
“The world used to be about your perimeters and your network. Recently there have been shifts as a result of social media, cloud and mobile. Which means that when information is getting online, it’s not from the company; it’s from a third party like a contractor somewhere in the company’s supply chain. Data breaches are no longer an aberration; they are the norm. With credentials for over 5.5 million employees of the world’s largest companies having been found online and with 97 percent of the top 1,000 companies suffering from credential compromise, it is clear that, irrespective of size, industry or geography, the vast majority of organizations have credentials exposed online,” said Chris Brown, Digital Shadows VP EMEA and APJ.
The report also revealed that it is not as simple as organizations just resetting their passwords. Password resets can cause friction for organizations and so it’s necessary for IT departments first need to figure out whether the information stolen from a breach is unique, re-posted, or outdated information. 10 per cent of the 5 million leaked credentials in the report were duplicates which can cause even more confusion for an organization that has suffered a breach. In order for organizations to prepare themselves for the inevitable data breach they need to first understand the impact of a breach and what they can do to prepare their employees and business for credential compromise.
