Valid logins to your workplace are on the net, right now
Mega-breaches and spiking smartphones malware mean crims can crack you, yesterday
Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware.
The findings stem from two separate studies. Digital Shadows research [PDF] reveals 97 percent of the Fortune top 1000 largest companies face potential compromise from any of an average of 760 credentials published to the web.
It is not stated how many of those are valid logins, however the company omitted consumer email domain addresses focusing on corporate addresses.
The credentials come from a pool of five million unique email and password combinations in data breach dumps from the likes of MySpace and LinkedIn, of which half a million are duplicates.
Organisations in the broadcast, telco, and computer services sectors were far more exposed than any other, dwarfing healthcare and pharmaceutical, industrial goods, and financial services.
Nokia in a separate report [PDF] finds one out of 120 smartphones is infected with some form of malware, a 96 percent hike over the first half of this year compared to the same period in 2015.
That represents a perhaps unseen threat to organisations who allow executives and staff to connect mobiles to corporate networks, potentially bypassing harder perimeter controls.
Compromised phones accounted for 78 percent of all infection traffic across the studied mobile networks, with the remainder stemming from infected Windows machines using tethered or dongle-driven internet connections.
Most of the infected phones were Android phones. Most phones running the Google operating system operate on Lollipop version five and the highly vulnerable KitKat version 4.4. ®