A new research report released last week, which examined financial industry-specific data from January 2018 through September 2021 discovered that the vast majority of employees from the Fortune 500 financial firms have had their corporate credentials exposed, making for a huge potential for impactful breaches.
While most major enterprises, including financial service institutions (FSIs), have come around to the idea that serious breaches are not a matter of “if, but when,” this new research points up how much access bad actors really have to sensitive financial information. The report, “Financial Services Sector Exposure Report: 2018-2021 Findings and Trends,” reviewed records from data breaches found in “open sources, and on the surface, deep, and dark web.” Constella Intelligence’s threat intelligence team identified 6,472 breaches or leakages, and more than 3.3 million exposed records where financial employee corporate credentials were involved.
The financial sector has over 3,3 million openly exposed employee records that contain PII
Almost everyone’s PII exists online somewhere — whether on open sources, social media, or the surface, deep, or dark web. Companies seeking to safeguard their people, assets, and brand can proactively monitor the digital sphere for exposed credentials that enable threat actors to launch many of the high-profile attacks that we are seeing today.
Even more disturbing, two-third of these internal financial industry breaches involved personal identifiable information (PII) — all of which included email addresses and 72% included private passwords. The research claims that 70% of profiled executives have had their corporate credentials exposed in a breach or leakage since 2018. Of those executives exposed, 98% have been exposed in breaches that include PII, and over 40% had their passwords exposed. Further, according to the report: “The proliferation and circulation of this sensitive employee data enables threat actors with the necessary resources to execute a wide range of cyberattacks, including ransomware, impersonation, phishing, account takeover, and several others.”
Companies and general corporate cultures have come around to the understanding that breaches will happen.
Employees and humans are the weakest points in terms of an organization’s cybersecurity posture and our findings related to the vast number of exposures in circulation are a serious cause for concern. These exposed credentials are the keys for threat actors to access companies’ sensitive data and critical systems.
UMBRA can track and monitor activity to provide threat intelligence to defend against cyber attacks.
From the Shadow Emerges Knowledge