Akamai, the intelligent edge platform for securing and delivering digital experiences, along with Ponemon Institute, today unveiled results from an APAC-wide study to quantify the potential cost to prevent, detect and remediate credential stuffing attacks. The companies represented in this research estimate that the cost of credential stuffing attacks can range from $284,649 if one percent of all compromised accounts result in monetary loss, to an average of $28.5 million if all compromised accounts result in monetary loss.
The study, titled 'The Cost of Credential Stuffing: Asia Pacific' conducted by Ponemon Institute and sponsored by Akamai Technologies, surveyed 538 IT security practitioners familiar with credential stuffing attacks from a range of industries including Financial Services, Retail and e-Commerce, Travel & Hospitality, Media, Entertainment & Gaming, and more. Respondents stated that these attacks cause costly application downtime, loss of customers and involvement of IT security that can result in an average cost of $1.2 million, $1.5 million and $1.1 million annually, respectively.
Credential stuffing usually results from fraudsters purchasing lists of stolen credentials on the dark web, such as user IDs and passwords, and using a botnet to validate those lists against an organization’s login page. The end result is typically an account takeover in which fraudsters then use the stolen validated credentials to commit fraud. The primary goals of these types of crime are generally to make fraudulent purchases, engage in fraudulent financial transactions and steal additional confidential information.
The 2016 Yahoo breaches are examples of how serious the threat of credential stuffing is. The Yahoo breaches involved a total of 1.5 billion credentials spilled to the Internet, protected by the weak MD5 hashing algorithm. The thefts took place in 2012 and 2013 giving the criminals up to four years to crack weak protection.
The sampling frame for the 'The Cost of Credential Stuffing: Asia Pacific' study composed of 15,365 IT security practitioners who are familiar with credential stuffing attacks and are responsible for the security of their companies’ websites. A total of 591 respondents completed the survey out of which 53 surveys were removed by screening and reliability checks. The final sample consisted of 538 surveys.
Akamai secures and delivers digital experiences for the world’s largest companies. Akamai’s intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone — and attacks and threats far away. Akamai’s portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world’s top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.