In today’s browser-centric workplace, corporate identity acts as the front line of defense for organizations. Often referred to as the “new perimeter,” identity stands between secure data management and potential breaches. However, a new report shows that businesses are often unaware of how their identities are being used across platforms. This leaves them vulnerable to data breaches, account hijacking and credential theft.
The “Corporate Identity Threat Report 2024” is based on exclusive data available only to the LayerX Browser Security platform. This data comes from LayerX’s unique visibility into every user’s browser actions across multiple domains. The report provides a detailed analysis of new risks and of the hidden threats it discovered. To register for a live webinar covering key findings from this report, click here.
Below is a more in-depth look at some of the report’s most important findings:
1. The biggest risk comes from 2% of users
Security professionals investigating security threats may get the impression that every action taken in an enterprise is a threat to the enterprise’s operations. This kind of FUD is counterproductive because it doesn’t help prioritize risk management.
Rather, this report provides data on where the real risk is coming from. It has been found that 2% of users in an organization are responsible for the majority of identity risks. These individuals have been involved in numerous public data breaches, typically with weak or compromised credentials, and bypass SSO mechanisms by using outdated passwords that are easy to crack.
There is another interesting factor that makes these users more risky. The report notes not only when a corporate identity was exposed, but also whether the password was revealed and how many times it was exposed.
On average, compromised identities appeared in 9.5 breaches, while individuals exposed without password disclosure appeared in an average of 5.9 datasets.
Could this be because attackers are putting more resources into attacking password datasets? The data does not say. But this means that compromised users are at much greater risk, as the more datasets they are exposed in, the higher the potential for their credentials to be compromised. This should be factored into your risk management plan.
2. Blind spots in enterprise credential management
One of the most pressing risks identified in the report is the prevalence of shadow identity. According to LayerX, 67.5% of enterprise logins are performed without SSO protection. Even more alarming, 42.5% of all logins to SaaS applications on organizational networks occur through personal accounts, which are completely outside the purview of corporate security teams.
These blind spots allow users to bypass corporate identity protection. Security teams lack visibility into where enterprise access is occurring, which blocks their ability to identify and respond to identity-related risks.
3. Corporate passwords are just as vulnerable as personal passwords
Corporate security measures are considered stronger than personal ones. For example, managed devices seem more secure than BYOD, corporate networks are more secure than public Wi-Fi, etc. But when it comes to passwords, that’s hardly the case.
Despite password management and governance policies, the report shows that 54% of corporate passwords fall into the medium or weak category. For personal passwords, this percentage is 58%. Such passwords, while meeting minimum security standards, can often be cracked in less than 30 minutes using modern tools.
4. Browser extensions: an overlooked but growing risk
LayerX takes a unique look at one of the most ubiquitous yet invisible productivity tools: browser extensions. According to LayerX results, 66.6% of installed browser extensions have high or critical risk permissions, and more than 40% of users have such high-risk extensions. These permissions often allow extensions to access sensitive data, such as user cookies and session tokens, which can be used to steal corporate credentials or hijack sessions.
5. Attackers use sophisticated techniques to evade outdated security tools
Finally, the report shows how attackers exploit weaknesses in traditional security tools such as secure web gateways (SWGs). As a result, these tools have become less effective at preventing browser-related breaches. Some of the key findings in this area are:
- 49.6% of the malicious web pages that successfully bypass protection are hosted on legitimate public hosting sites, exploiting trust in well-known domains to avoid detection.
- 70% of these malicious pages use phishing kits with low or medium similarity to known phishing patterns, allowing them to evade standard phishing detection mechanisms.
- 82% of these pages received a high reputation risk score, and 52% of pages had a low “top-level domain” risk, indicating that attackers are manipulating common reputation-based defenses by using public infrastructure to distribute malicious content.
The findings in the “Corporate Identity Threat Report 2024” highlight the urgent need for organizations to rethink their identity security strategies. Traditional methods based on network layer protection, password management and trust in existing tools are no longer sufficient to protect today’s browser-based remote access environments. At the very least, security teams should be aware of what they do not cover.