Staff at Fortune 1000 enterprises put their employers at risk
A new report has identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26 percent increase over last year's analysis.
The study from SpyCloud, based on its database of over 200 billion recaptured assets, also shows a 64 percent password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices.
"In the last two years, most companies' attack surfaces have expanded due to the new reality of a hybrid workforce." says David Endler, co-founder and chief product officer of SpyCloud. "Combined with facing a barrage of threats from malicious actors and the state of global affairs, there's an urgent need for Fortune 1000 companies to shore up all threat vectors, starting with identifying and remediating compromised employee credentials and malware-infected devices."
SpyCloud researchers identified credentials, PII and infected device data of 70,000 Fortune 1000 employees in recaptured botnet logs containing details siphoned using infostealer malware. In addition, nearly 29 million malware-infected consumer devices were used to log into the consumer-facing sites of Fortune 1000 companies, exposing their credentials and PII to fraudsters.
"Malware infections on personal devices are the riskiest source of exposure because they are so difficult to detect and can drastically increase the attack surface for ransomware," Endler says. "These attacks could not only lead to disastrous consequences for a company's bottom line but could also significantly impact sectors such as critical infrastructure."
The findings show critical infrastructure employees exhibit the poorest password hygiene. However, the technology sector has the most severe exposure, with over 26 million breach records representing 139 million employee assets (credentials, PII, cookies, etc.), comprising 21 percent of all exposed Fortune 1000 records, followed by financial services with 21 million records and nearly 120 million assets.
Technology companies also had the largest number of malware-infected devices across sectors, with nearly 70 percent of all infected consumer devices identified among the Fortune 1000.
You can get more detail in the full report available from the SpyCloud site.