Discussion Topics
Unraveling New Dimensions of Identity Threats
Digital identities have become a top target for cybercriminals, serving as the convergence points for personal, professional, and organizational risk. Threat actors are exploiting the vast amount of identity data circling the dark web – usernames, passwords, PII, device details, session cookies, and more – to wage an identity war that’s quickly escalating.
SpyCloud’s newly released Annual Identity Exposure Report takes an in-depth look at the growing risks posed by exposed identity data, the top threats to organizations now, and why traditional defenses are no longer enough.
Insights from this year’s report:
- The true scale of identity exposure is greater than we all knewSpyCloud researchers discovered that the actual scale of a corporate user’s exposure is, on average, 12 times larger than previously estimated.
- Infostealer malware is the primary driver of modern cybercrimeAbout 1 in 2 corporate users were exposed through an infostealer malware infection in the past year through a personal or corporate device.
- Phishing is a growing threat fueled by AI and Phishing-as-a-Service (PhaaS)SpyCloud revealed that of the millions of recaptured phished data records, 97% contained at least one email address and more than half contained an IP address and/or specific city or postal code information.
- PII exposure surges, fueling identity fraudThe exposures of PII reached 44.8 billion recaptured records in 2024 – a 39% increase from the previous year.
Download the full report for more notable findings like the top breaches of 2024, popular passwords that need to be added to your banned password list immediately, and five critical strategies to strengthen your identity threat protection in 2025.
