Cyber security affects all of us, but it only makes the headlines when it’s big companies that are the target of attacks.
Threat intelligence provider Anomali has produced a new study focusing on vulnerabilities in businesses on the UK’s FTSE 100 list of the largest companies. Among the findings are that over the last three months, 81 companies in the FTSE 100 had potentially malicious domain registrations against them, enabling cyber criminals to create dummy websites that can be used to trick users into supplying private data.
The report also discovered that 5,275 employee email and clear text password combinations from FTSE 100 companies were found on a number of sites from which they can be stolen, publicly accessed or sold. This means that an average of 50 employees for each FTSE 100 company have had their email and data credentials exposed due to employees’ visiting non-work-related sites that have then been hacked. For example, more than 40 corporate credentials across 23 companies were compromised in April when a major UK-based football website had its database dumped and exposed on the Darkweb. This leaves the UK’s largest businesses open to cyber-attacks and puts critical business content and personal information at risk.
Jamie Stone, VP of EMEA at Anomali says, “Cyber-crime is rising at an astonishing rate, and it’s now a board-level issue for businesses. Nevertheless, the evidence gathered across our threat intelligence platforms demonstrates that some basic security measures are not being adopted or followed at some of the largest and most prominent companies in the UK. The results of the report should be a wake-up call for these organisations, highlighting just how vulnerable they are in ways they might not even have considered”.