REPORT
London’s FTSE 100
(AND THEIR SUBSIDIARIES)
Identity Exposure Report 2023
To understand how exposed employee identities impact organisations, SpyCloud combs through our entire database of assets recaptured from the criminal underground every year and analyses the dark web data of employees and consumers tied to the top 100 FTSE companies and their subsidiaries. Let’s explore key takeaways from the report.
Session cookies
THE IMPACT
Of all malware-exfiltrated authentication data, browser session cookies are the most prized because they allow cybercriminals to become an identity’s clone and bypass authentication to seamlessly hijack a session, allowing them access to sensitive data, escalate employee privileges, deploy ransomware, and much more.
session cookies tied to the employees of these organizations that give bad actors unfettered access to your network.
Password reuse
THE IMPACT
With credentials being the number one entry point for bad actors, password reuse is just one bad habit that increases an organisation’s risk of account takeover. Poor password hygiene of using weak, common, and/or reused passwords can lead to password spraying or credential stuffing attacks that result in ATO.
password reuse rate among FTSE 100 and their subsidiaries’ email addresses in our database that have been exposed in more than one breach.
Malware
THE IMPACT
Information stolen through malware infections is collected by cybercriminals and shared in small circles or sold at high values on criminal marketplaces. These high-severity exposures put your enterprise at risk of ATO and fraud, and make your organisation vulnerable to ransomware attacks.
assets tied to FTSE 100 companies and their subsidiaries from botnets, representing 58.6% of the 52.5 million total recaptured third-party breach assets.
Exposed Cloud Applications
THE IMPACT
These exposed credentials come from popular enterprise applications such as online email and office applications, cloud hosting environments, customer relationship managers, payroll management, video conference platforms, source code repositories, and much more. Data stolen from these applications can be used to aid attacks or can be the goal of the attack itself.
popular cloud applications that could give criminals incredible levels of access to corporate data.
Download this year’s report to see:
- An analysis of the breach and malware exposure of the FTSE 100 list
- Which sectors top the lists of highest password reuse and most exposed PII, opening the door for potential fraud
- Why compromised session cookies exfiltrated by malware pose a significant threat to enterprises
- The top 100 recaptured passwords of FTSE 100 companies and their subsidiaries’ employees in 2022
- How proper awareness, automated, preventative response, and remediation of stolen data and malware-infected devices lead to better security defenses no matter the industry or sector
Trusted by market leaders
With 500+ customers around the world, including half of the Fortune 10, SpyCloud is the leader in operationalizing Cybercrime Analytics to protect businesses.
We’re on a mission to make the internet a safer place by disrupting the criminal underground. Together with our customers, we aim to stop criminals from profiting off stolen data.
#1 Global
Streaming Service
#1 Global
Airline
#1 Global Software
Company
Leading
US Banks
#1 Global
Online Retailer
#1 US Crypto Exchange
Check Your Company's Exposure
See your real-time exposure details powered by SpyCloud.
