Lessons Learned: Are you one of the Fortune 500’s Unfortunate 221?

October 29, 2014
No Comment

The Recorded Future Special Intelligence Desk has just released a new Threat Intelligence Report we found to be full of important context and actionable information for enterprise cyber defenders.

The report, titled The Fortune 500’s Unfortunate 221, is available for download here.

This report is important for two key reasons:

  1. It shows a clear example of the strategic benefit of cyber intelligence to enterprise cyber defense. This is information from outside the enterprise that should drive some key internal decisions and actions.
  2. The report contributes to the strategic situational awareness of a growing problem, the exposure of account credentials in ways enabling adversaries to gain unauthorized access to enterprise resources.

More on the report:

The frequency of corporate data breaches is increasing, with many of the attacks beginning when employees inadvertently disclose sensitive information. This method is commonly referred to as spear phishing. A good way for an adversary to start a spear phishing campaign is to know something about the person they are emailing. A better way is to log into your enterprise and send an email as someone who is known by the target. Stolen credentials allow this to happen.

According to information gathered from open Internet sources (especially pastebin-type sites), 44% of Fortune 500 companies have employees with leaked credentials on the open web.
fortune500 Lessons Learned: Are you one of the Fortune 500s Unfortunate 221?

The report provide insights into:

  • How Recorded Future identified these exposed credentials on the open web.
  • Which industries in the Fortune 500 are most impacted.
  • Recommendations to improve your organization’s security.

One thing strategic situational awareness like this can do is motivate change. For this reason we recommend you read it and share with others.

Download the report here.