The Financial Times Stock Exchange 100 share index is an average of share prices in the 100 largest, most actively traded companies on the London Stock Exchange.
IT security vendor Anomali, released a new report that identifies major security trends threatening the FTSE 100. The volume of credential exposures has dramatically increased to 16,583 from April to July 2017, compared to 5,275 last year’s analysis.
A whopping 77% of the FTSE 100 were exposed, with an average of 218 usernames and passwords stolen, published or sold per company.
In most cases the loss of credentials occurred on third party, non-work websites where employees reuse corporate credentials.
In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords. The report shows that a significant number of credentials linked to FTSE 100 organizations were still left compromised over the three months following the discovery.
This failure to remediate and secure employee accounts, means that critical business content and personal consumer information held by the UK’s biggest businesses has been left open to cyber attacks.
The report, The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures, also reveals that:
- Five of the FTSE 100 companies had more than 1,000 credential exposures, access to these enable cyber criminals to harvest and misuse additional credentials and company data
- The banking sector accounted for a quarter (23%) of the total exposed credentials
It is loud and clear that employees need to be stepped through new-school security awareness training to prevent high-risk situations like this.
KnowBe4's recently updated Strong Passwords module covers the rules of how to create and use strong passwords in both an office environment and at the house. Employees learn the 10 important rules for safer passwords, minimum password length, how to remember long passwords, get trained in best practices like using pass phrases and how to use a different password for every website.