New report: 97 percent of the top 1,000 companies suffer from credential compromise

Michael Marriott
September 20, 2016 | 2 Min Read

Data breaches and credential compromise are not new. After all, 2014 was known as the “year of the data breach”. Last year was similarly dubbed the “year of the breach”. In 2016, we have witnessed yet more data breaches made public, including LinkedIn, MySpace and Dropbox. Data breaches are no longer an aberration; they are the norm.

For companies that were the victims of breaches, there are clear reputational, brand and financial implications. Indeed, a recent study by ENISA provided a great overview of the studies that have attempted to enumerate these costs.

So what about the indirect impact of the breaches? Organizations with employees who have reused corporate emails and passwords can also be at risk. These organizations suffer from the “collateral damage” of the initial breaches. Indeed, our latest research found that, for the largest 1,000 organizations in the world, there are more than 5 million leaked credentials.

Most significant data breaches and the Forbes 1000

It’s perhaps of little surprise that the breaches impacting the global 1,000 companies the most were LinkedIn and Adobe – both services that employees can be expected to sign up for with their work accounts. However, there were also less expected sources. The high level of corporate credentials from MySpace, for example, should cause organizations to pause for thought. Worse still, gaming sites and dating sites also affected organizations. For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies of the Forbes Global 2000.

But organizations can just reset their passwords, right? It’s not quite that simple, unfortunately. Password resets can cause a lot of friction for organizations, so it’s necessary to first ascertain whether the breach information is unique or is simply re-posted, old information. Indeed, 10 percent of the claimed leaked credentials in our report were duplicates.
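As an added example (not code from the report or from Digital Shadows), here is one way to check whether a claimed dump contains new corporate credentials or re-posted ones before forcing resets. The domain `example.com`, the demo key, the function names and every sample line are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a locally held secret, so stored fingerprints are not bare hashes.
FINGERPRINT_KEY = b"constructed-demo-key"
# Dump lines are assumed to look like "email:password" or "email;password".
LINE_RE = re.compile(r"^([^\s:;@]+@[^\s:;@]+)[:;](.+)$")

def fingerprint(email: str, password: str) -> str:
    """Keyed fingerprint of one credential pair; plaintext is never stored."""
    msg = email.encode() + b"\x00" + password.encode()
    return hmac.new(FINGERPRINT_KEY, msg, hashlib.sha256).hexdigest()

def triage(dump_lines, corporate_domain, seen):
    """Split a claimed dump into new and re-posted corporate credentials.

    `seen` is the set of fingerprints from leaks already handled; it is
    updated in place so the next dump is compared against this one too.
    """
    new, reposted, in_dump = [], 0, set()
    for line in dump_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # junk or unparseable line
        email, password = m.group(1).lower(), m.group(2)
        if not email.endswith("@" + corporate_domain):
            continue  # not one of our accounts
        fp = fingerprint(email, password)
        if fp in seen or fp in in_dump:
            reposted += 1  # old material, or repeated inside this dump
        else:
            new.append(email)
        in_dump.add(fp)
    seen |= in_dump
    total = len(new) + reposted
    return {"new_accounts": sorted(set(new)), "reposted": reposted,
            "duplicate_rate": reposted / total if total else 0.0}

# Constructed sample data: an earlier leak, then a newly "claimed" dump.
EARLIER = ["alice@example.com:Summer2014", "bob@example.com:hunter2"]
CLAIMED = ["Alice@Example.com:Summer2014", "carol@example.com;Winter!16",
           "bob@example.com:hunter2", "dave@other.org:qwerty",
           "carol@example.com;Winter!16", "garbage line"]

def run_demo():
    seen = set()
    triage(EARLIER, "example.com", seen)
    return triage(CLAIMED, "example.com", seen)

if __name__ == "__main__":
    print(run_demo())
```

Only the accounts listed under `new_accounts` need a reset decision; the re-posted pairs were already covered when the earlier leak was handled.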

6 Factors To Consider When Assessing The Severity Of A Data Breach from Digital Shadows

Even with unique leaked credentials identified and passwords reset, compromised credentials hold significant value for cybercriminals. The information can be used for botnet spam lists, extortion attempts (as was the case with Ashley Madison), spear-phishing, and account takeover.

Companies need to develop an understanding of the impact of these data breaches. Our latest research paper analyzes this information to understand trends, outlines how adversaries are using this information and, most importantly, what you can do to prepare for and mitigate instances of credential compromise.
