London’s FTSE 100
(AND THEIR SUBSIDIARIES)
Identity Exposure Report 2023
To understand how exposed employee identities impact organisations, SpyCloud combs through our entire database of assets recaptured from the criminal underground every year and analyses the dark web data of employees and consumers tied to the top 100 FTSE companies and their subsidiaries. Let’s explore key takeaways from the report.
Session cookies
THE IMPACT
Of all malware-exfiltrated authentication data, browser session cookies are the most prized because they allow cybercriminals to become an identity’s clone and bypass authentication to seamlessly hijack a session, allowing them access to sensitive data, escalate employee privileges, deploy ransomware, and much more.
session cookies tied to the employees of these organizations that give bad actors unfettered access to your network.
Password reuse
THE IMPACT
With credentials being the number one entry point for bad actors, password reuse is just one bad habit that increases an organisation’s risk of account takeover. Poor password hygiene of using weak, common, and/or reused passwords can lead to password spraying or credential stuffing attacks that result in ATO.
password reuse rate among FTSE 100 and their subsidiaries’ email addresses in our database that have been exposed in more than one breach.
Malware
THE IMPACT
Information stolen through malware infections is collected by cybercriminals and shared in small circles or sold at high values on criminal marketplaces. These high-severity exposures put your enterprise at risk of ATO and fraud, and make your organisation vulnerable to ransomware attacks.
assets tied to FTSE 100 companies and their subsidiaries from botnets, representing 58.6% of the 52.5 million total recaptured third-party breach assets.
Exposed Cloud Applications
THE IMPACT
These exposed credentials come from popular enterprise applications such as online email and office applications, cloud hosting environments, customer relationship managers, payroll management, video conference platforms, source code repositories, and much more. Data stolen from these applications can be used to aid attacks or can be the goal of the attack itself.
popular cloud applications that could give criminals incredible levels of access to corporate data.
Download this year’s report to see:
- An analysis of the breach and malware exposure of the FTSE 100 list
- Which sectors top the lists of highest password reuse and most exposed PII, opening the door for potential fraud
- Why compromised session cookies exfiltrated by malware pose a significant threat to enterprises
- The top 100 recaptured passwords of FTSE 100 companies and their subsidiaries’ employees in 2022
- How proper awareness, automated, preventative response, and remediation of stolen data and malware-infected devices lead to better security defenses no matter the industry or sector