NEWS
UAE tops list in Middle East
for most employee data leaks
D
igital Shadows, a provider of
cyber situational awareness,
released its Compromised
Credentials research paper which
analysed the largest 1,000 companies
listed on the Forbes Global 2000.
The report found that 97% of those
companies, spanning all businesses
sectors and geographical regions, had
leaked credentials publicly available
online, many of them from thirdparty breaches. Credentials for over
5.5 million employees of the world’s
largest companies have been found
online, as large-scale data leaks
become the norm according to the
report. The top breaches were from
social media platforms with LinkedIn,
MySpace and Tumblr breaches being
responsible for a respective 30%, 21%
and 8% of the total credentials.
The report revealed that the most
affected country in the Middle East,
with over 15,000 leaked credentials
was the UAE. Saudi Arabia, Kuwait
followed by Qatar made up the rest of
the list. This figure is relatively small
as compared to the global figure due to
the lower percentage of organisations
that reside in the Middle East.
“The world used to be about your
perimeters and your network. Recently
there have been shifts as a result
of social media, cloud and mobile.
Which means that quite often, when
information is getting online, it is not
from the company, it is from a third
party like a contractor somewhere in the
company’s supply chain. Data breaches
are no longer an aberration, they are the
norm,” said Chris Brown, Vice President
EMEA and APJ, Digital Shadows.
10
Chris Brown, Vice President EMEA and APJ,
Digital Shadows
The report also
revealed that it is
not quite as simple
as organisations
just resetting their
passwords
“With credentials for over 5.5
million employees of the world’s
largest companies having been found
online and with 97% of the top 1,000
companies suffering from credential
compromise, it is clear that, irrespective
of size, industry or geography,
the vast majority of organisations
have credentials exposed online.
Compromised credentials hold
significant value for cybercriminals as
the information can be used for botnet
spam lists, extortion attempts, spearphishing and account takeover.”
The report also revealed that it is
not quite as simple as organisations
just resetting their passwords.
Password resets can cause a lot of
friction for organisations and so
it is necessary for IT departments
first need to figure out whether the
information stolen from a breach
is unique, re-posted, or outdated
information. 10% of the five million
leaked credentials in the report
were actually duplicates which can
cause even more confusion for an
organisation that has suffered a
breach. In order for organisations to
prepare themselves for the inevitable
data breach they need to first
understand the impact of a breach
and what they can do to prepare their
employees and business for credential
compromise.
Digital Shadows provides cyber
situational awareness that helps
organisations protect against cyber
attacks, loss of intellectual property,
and loss of brand and reputational
integrity. Its flagship solution,
Digital Shadows SearchLight, is a
scalable data analysis platform that
provides a view of an organisation’s
digital footprint and the profile of
its attackers. It is complemented
with intelligence operations analyst
expertise to ensure extensive
coverage, relevant intelligence and
frictionless deployment.
Issue 01
INTELLIGENT TECH CHANNELS