[Report] 1 in 3 CEOs Have Had Passwords Leaked in Breaches

New F-Secure study underscores the importance of proper password management. Download our findings in the report below.

Author: Melissa Michael
Date: 25.10.2017
Read Time: 2 Minutes

Just in case you still need convincing about why you should take password hygiene seriously, F-Secure has released the results of a recent study we undertook looking into CEO email exposure. According to our research, 30% of CEOs of world-class companies have had their password leaked on an online service they registered for using their work email.

To put it another way, nearly one in three top CEOs has been “pwned” on a service that was later breached.

And now the passwords they used in those breached services are out there, floating around on the internet, available for the taking by any enterprising cyber criminal.

Over and over again, studies find that a large share of people reuse passwords across multiple accounts. So all a threat actor needs to do is grab his victim’s password from the leaked database of a breached service, and plug it in to some other sites his target is likely to use as well.

breached services CEOs registered with

Our research centered around company email addresses for CEOs at over 200 of the biggest companies in ten countries. But even if you’re not a big fish, it’s wise to tighten up your password protocol. According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default, or stolen passwords. And as ill-equipped as most companies are to deal with breaches (according to data from our risk management assessments), a breach caused by unauthorized credential use would be extremely difficult to spot.

All good reasons to use a password manager*, which security experts recommend just because password management is too hard to do it alone.

ceo email/password exposure around the world

We also found that the vast majority of CEOs – 81% – have had their personal information leaked (email address and things like phone number, address, birthdate, etc.) in the form of spam lists and leaked marketing databases. Have a look at our infographic by clicking the image below:

 

 

The report begs the question, should CEOs use their company email to register for online services? Turns out there are good reasons to do so in certain cases. For the full findings, and for password advice from a white hat hacker, download our free report, CEO Email Exposure: Passwords & Pwnage.

DOWNLOAD REPORT

DOWNLOAD INFOGRAPHIC

*F-Secure Password Protection, the only available password manager that comes integrated with endpoint security clients, is a brand new component of F-Secure Protection Service for Business, available November 1.


Post Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s