Dubai: The UAE was the most affected country in the Middle East with over 15,000 leaked credentials publicly available online, according to cyber situational awareness company Digital Shadows’ latest research report.
Saudi Arabia (3360), Kuwait (203) followed by Qatar (99) made up the rest of the list. This figure is relatively small as compared to the global figure due to the lower percentage of organisations that reside in the Middle East.
In the Middle East, organisations in the technology industry were far more exposed than any other, dwarfing financial services, oil and gas and chemicals.
Chris Brown, Digital Shadows vice-president for EMEA and APJ, said that data breaches are no longer an aberration; they are the norm.
With credentials for over 5.5 million employees of the world’s largest companies, listed on the Forbes Global 2000, having been found online and with 97 per cent suffered from credential compromise.
“It is clear that, irrespective of size, industry or geography, the vast majority of organisations have credentials exposed online. Compromised credentials hold significant value for cybercriminals as the information can be used for botnet spam lists, extortion attempts, spear-phishing and account takeover,” he said.
The top breaches were from social media platforms with LinkedIn, MySpace and Tumblr breaches being responsible for a respective 30 per cent, 21 per cent and 8 per cent of the total credentials.
The report also revealed that it is not quite as simple as organisations just resetting their passwords. Password resets can cause a lot of friction for organisations and so it’s necessary for IT departments to first figure out whether the information stolen from a breach is unique, re-posted, or outdated information. 10 per cent of the 5 million leaked credentials in the report were actually duplicates which can cause even more confusion for an organisation that has suffered a breach.
“In order for organisations to prepare themselves for the inevitable data breach they need to first understand the impact of a breach and what they can do to prepare their employees and business for credential compromise,” Brown said.
