Data breaches have become the norm in recent years, with 2014 earning the nickname the “year of the data breach” and 2015 being known as the “year of the breach.” So far in 2016, even more data breaches have been made public, including LinkedIn, MySpace and Dropbox, and we will likely see more before the year comes to a close.
For companies, being the victim of a breach is unnerving enough, but there are also implications for their reputation, brand and finances. However, breaches also have an indirect impact on organisations, and some end up facing the “collateral damage” of such an attack for some time after the initial breach.
Employees who reuse corporate emails and passwords put their organisation at risk following a breach, because they are using credentials that have been compromised. A new report has found that amongst the largest 1,000 organisations worldwide, there are over 5 million leaked credentials on the web that could be used by attackers to gain access to sites or even launch new attacks.
A great deal of these credentials come from the LinkedIn and Adobe breaches, as both of these companies offered services that many employees would sign up for using their work emails. Another, more surprising, source of leaked corporate credentials is MySpace, which should be somewhat worrying for organisations. Gaming sites and dating sites also had an impact on organisations, with over 2,000 leaked credentials coming from the Ashley Madison breach alone.
It should be as simple as making employees reset their passwords, but unfortunately it is not, as password resets can often cause a great deal of unrest at many companies. This is why IT departments first need to figure out whether the information stolen from a breach is unique, re-posted or outdated. 10 per cent of the 5 million leaked credentials in the report were actually duplicates, which can cause even more confusion for an organisation that has suffered a breach.
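One way to run that triage before forcing resets, as an added example that is not from the report: it sorts leaked records into unique, re-posted and outdated so that only affected employees are asked to change passwords. The record layout, the `last_reset` directory lookup, the `example.com` domain, the extra `out-of-scope` label and all sample data are assumptions constructed for illustration.

```python
import hashlib
from datetime import date

def fingerprint(email, secret):
    """Stable ID for a leaked pair, so plaintext is never stored or compared."""
    data = email.strip().lower().encode() + b"\x00" + secret.encode()
    return hashlib.sha256(data).hexdigest()

def triage(records, last_reset, corp_domain):
    """Label each (email, secret, breach_date, source) record.

    last_reset maps email -> date of the last password change (assumed to
    come from the organisation's own directory).
    """
    seen, results = set(), []
    # Oldest breach first, so later copies of the same pair count as re-posts.
    for email, secret, breach_date, source in sorted(records, key=lambda r: r[2]):
        email = email.strip().lower()
        fp = fingerprint(email, secret)
        if not email.endswith("@" + corp_domain):
            label = "out-of-scope"   # not a corporate address
        elif fp in seen:
            label = "re-posted"      # same pair already handled
        elif last_reset.get(email, date.min) > breach_date:
            label = "outdated"       # password changed after the breach
        else:
            label = "unique"         # unknown reset date is treated as live
        seen.add(fp)
        results.append((email, source, label))
    return results

def needs_reset(results):
    """Employees who actually have to reset: one entry per address."""
    return sorted({email for email, _, label in results if label == "unique"})

# Constructed sample data; dump names and dates are illustrative only.
SAMPLE = [
    ("Alice@example.com", "hunter2", date(2012, 6, 5), "dump-A"),
    ("alice@example.com", "hunter2", date(2016, 5, 18), "dump-B"),
    ("bob@example.com", "letmein", date(2013, 10, 3), "dump-C"),
    ("carol@example.com", "qwerty", date(2015, 7, 20), "dump-D"),
    ("dave@other.example", "abc123", date(2015, 7, 20), "dump-D"),
]
LAST_RESET = {"alice@example.com": date(2011, 1, 1),
              "bob@example.com": date(2014, 2, 1),
              "carol@example.com": date(2015, 1, 1)}

if __name__ == "__main__":
    for row in triage(SAMPLE, LAST_RESET, "example.com"):
        print(row)
```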
In order for organisations to prepare themselves for the inevitable data breach, they first need to understand the impact of a breach and what they can do to prepare their employees and business for credential compromise.