By Thomas Shambler
Digital Shadows global study reveals that 97 percent of the world's 1,000 largest companies are compromised
Digital Shadows, a provider of cyber security awareness, has said the UAE tops the list in the Middle East for most employee data leaks.
The report revealed that the UAE was most at risk with over 15,000 leaked credentials, followed by Saudi Arabia (3,360), Kuwait (203) and Qatar (99).
The Compromised Credentials research paper analysed the largest 1,000 companies listed on the Forbes Global 2000. The report found that 97 percent of those companies, spanning all business sectors and regions, had leaked credentials which were now publicly available online.
The details of almost 5.5 million employees from some of the world's largest companies are easily found on the internet. The report blames an increasing number of large-scale data leaks, including top breaches from social media platforms like LinkedIn, MySpace and Tumblr (30 percent, 21 percent and 8 percent of the data leaks, respectively).
In the Middle East, organisations in the technology sector were more exposed than any other, dwarfing employees who worked in financial services, oil and gas or chemicals.
"The world used to be about your perimeters and your network. Recently there have been shifts as a result of social media, cloud and mobile. Which means that quite often, when information is getting online, it's not from the company; it's from a third party like a contractor somewhere in the company's supply chain," said Chris Brown, Digital Shadows VP of EMEA and APJ.
"Data breaches are no longer an aberration; they are the norm. With credentials for over 5.5 million employees of the world’s largest companies having been found online and with 97 percent of the top 1,000 companies suffering from credential compromise, it is clear that, irrespective of size, industry or geography, the vast majority of organisations have credentials exposed online. Compromised credentials hold significant value for cybercriminals as the information can be used for botnet spam lists, extortion attempts, spear-phishing and account takeover."
The report states that companies wishing to protect themselves must go further than just resetting passwords. Instead, it recommends understanding the impact of a breach before briefing employees on what must be done in the event of a credential compromise.
Chris Brown, Digital Shadows VP of EMEA and APJ.