UAE ranks top for most employee data leaks in ME; report
Digital Shadows highlighted data breaches also occur from social media platforms, such as LinkedIn
Digital Shadows highlighted that the most affected country in the Middle East to suffer from data breaches was the UAE, followed by Saudi Arabia.
The firm's Compromised Credentials research paper analysed 1,000 companies listed on the Forbes Global 2000 and discovered that 97% of those companies had leaked credentials publicly available online, mostly due to third-party breaches. Furthermore, credentials from 5.5 million employees had been found online.
The Middle East faced over 15,000 leaked credentials in the UAE, 3360 in Saudi Arabia, 203 in Kuwait and 99 in Qatar. The technology industry, financial services, oil & gas and chemicals were far more exposed than other sectors.
Chris Brown, Digital Shadows VP EMEA and APJ, said: "The world used to be about your perimeters and your network. Recently there have been shifts as a result of social media, cloud and mobile. Which means that quite often, when information is getting online, it's not from the company; it's from a third party like a contractor somewhere in the company's supply chain. Data breaches are no longer an aberration; they are the norm.
"Compromised credentials hold significant value for cybercriminals as the information can be used for botnet spam lists, extortion attempts, spear-phishing and account takeover."
The report highlighted that breaches were from social media platforms, with LinkedIn, MySpace and Tumblr breaches being responsible for a respective 30%, 21% and 8% of the total credentials.
The report also revealed that it is not quite as simple as organisations resetting their passwords, but instead IT departments first need to figure out whether the information stolen from a breach is unique, re-posted, or outdated information.
Digital Shadows state that in order for organisations to prepare themselves for the inevitable data breach they need to first understand the impact of a breach and what they can do to prepare their employees and business for credential compromise.