Nearly 50% of companies surveyed report increased physical security threats and incidents over the last year

LOS ALTOS, Calif., Sept. 13, 2022 /PRNewswire/ — A recent survey conducted by Constella Intelligence and commissioned by ASIS International revealed that organizations are confronting a staggering increase in threats against employees, executives and physical locations. Amid tensions exacerbated by political, social and economic issues, cyber-physical threats constitute considerable vulnerabilities for organizations. Reported risks included increased threats against physical facilities, co-workers and activism-related threats against business practices, while top security priorities included protecting organizations from disgruntled employees or customers, active shooter incidents and travel risks for executives. Despite these risks, nearly 61% of organizations surveyed said they do not proactively monitor the dark web for early indicators of emerging threats. Current practices are widely reactive as most organizations only respond to threats after they arise.

The report showcases the perspectives of more than 300 security professionals within the ASIS community at companies spanning 19 industries and five regions. Organizations surveyed range from 50 to more than 50,000 employees.

Constella Intelligence today presented four key insights from the survey at the 2022 Global Security Exchange (GSX), including: (1) Companies are facing increased physical security threats which are tied to the convergence of digital and physical risk, (2) physical security and cybersecurity teams are siloed, rarely operating within the same department and interacting infrequently, (3) open source and deep and dark web monitoring for early threat indicators are lagging and (4) social, economic and geopolitical unrest is tightening corporate governance.

Of the organizations surveyed, Constella and ASIS found that only about 1 in 10 (11%) have integrated cybersecurity and physical security teams into one unified department, and an alarming 52% of physical security teams don’t frequently interact with their cyber counterparts.

“As digital activity and physical events continue to converge, we must consider how to protect organizations and their employees from cyber-physical risks effectively,” said Constella’s Director of Risk Intelligence, Jonathan Nelson. “To ensure a holistic picture of targeted, hybrid security threats, cyber and physical teams need to transcend antiquated paradigms of ‘digital vs. physical,’ fostering deeper cross-functional engagement and leveraging unified tools to monitor the surface, deep and dark web for early threat signals.”

Through their joint analysis, Constella and ASIS identified a widespread need for deeper integration between cyber and physical security teams, as most respondents indicated their organizations would be better equipped to avoid crises if these functions were better aligned and could leverage a single unified platform to monitor potential threats. These responses evidence the relevance of comprehensive digital sphere monitoring capabilities—including coverage of the deep and dark web—to identify and mitigate emerging hybrid threats.

“I have witnessed several significant changes in the security sector since I began my editorial career nearly 30 years ago,” said Teresa Anderson, Vice President of Editorial Services at ASIS. “The most fascinating part is seeing how organizations evolve to meet new needs and overcome more advanced obstacles. The increasing convergence of digital and physical risk undoubtedly presents new opportunities for cybersecurity and digital security professionals to work in tandem, perhaps for the first time in their organization’s history.”

Key findings from the survey include:

• Almost 50% of respondents said that the number of physical security threats and incidents at their company has increased compared with last year.
  • 51% reported an increase in threats against a physical location.
  • 43% reported an increase in threats against co-workers.
  • 42% reported an increase in activism-related threats against business practices. Almost 30% reported an increase in threats against their senior executives.
• 62% of respondents ranked dangerous threats from former employees or disgruntled customers as their top security concern.
• Physical and cybersecurity teams are siloed, as only 11% said that they are integrated into a single department; 40% said that incidents or threats could have been handled better if physical and cybersecurity teams were more tightly integrated.
• 61% of companies do not leverage a unified platform that proactively monitors the social and dark web for emerging threats, even though 70% agree that their company would be better equipped to avoid a crisis if they had one.

Among U.S. companies, 76% ranked preventing an active shooter event at one of their locations as their top security priority. The need for security advancements is widely recognized, as every respondent reported organizational plans to invest in at least one security system or activity in the next year. Security professionals can expect to see greater spending on threat assessment training, real-time monitoring and threat reporting, integrated digital and physical security practices and services from intelligence analysts or experts.

Read the full 2022 Survey Report on Managing Increased Cyber-Physical Security Threats in a Hyper-Connected World here.

Press Release

More than 66,000 breaches and nearly 42 billion exposed consumer and employee records were detected circulating in dark markets in 2021, with critical infrastructure providers suffering 1 in every 3 cyber attacks

LOS ALTOS, Calif., April 28, 2022 /PRNewswire/ — Today, Constella Intelligence (“Constella”), a leader in digital risk protection and identity threat intelligence, released its 2022 Identity Breach Report — a comprehensive annual report that examines risks to consumers, employees, companies, and institutions stemming from breached data, along with threat actors’ activities on the surface, deep and dark web.

The report, titled “Exposed Data and the Convergence of Consumer, Business and Geopolitical Risk” leverages Constella’s industry-leading data lake of over 45 billion curated identity records spanning 125 countries and 53 languages to deliver insights on identity-based vulnerabilities.

The convergence of individual, corporate, and geopolitical risk is covered in depth by Constella’s threat intelligence team. Importantly, as geopolitical confrontation intensifies, private individuals and organizations will be targeted in cyberattacks and face new dimensions of identity-based, reputational, disinformation-driven, and even physical risk.

“Risks to individuals, businesses and the public sector are converging,” said Constella Intelligence CEO, Kailash Ambwani. “Individuals—as consumers, employees, and executives—are targeted for their sensitive personal data, which powers an increasingly commodified threat economy where personal information is transacted and then weaponized.”

Key findings from the report include:

• More than 66,000 breaches and nearly 42 billion exposed records of consumers and employees were detected circulating in dark markets in 2021.
• Critical infrastructure providers like healthcare, financial services, telecom and utilities were significantly impacted by data breaches in 2021, suffering 1 in every 3 breaches analyzed.
• Constella’s threat intelligence team identified more than 11 million exposed personal records from 13,000 third-party breaches of the 30 public companies that comprise the Dow Jones Industrial Average.
  • Out of a sample of more than 120 executives from these companies, 78% had their corporate credentials exposed in a breach since 2018.
• The average price of personal consumer documentation circulating in dark markets—including credit cards, passports, and IDs—saw a 100% year over year increase.

Of interest, Constella also identified several groups involved in the Ukraine/Russia conflict deploying DDoS, defacement, malware, and ransomware attacks against business and government targets.  These attacks frequently exploit individuals (consumers and employees) as a principal vector of entry into critical networks.

“During times of conflict, threat actors increasingly target critical infrastructure and essential services,” said Alex Romero, COO and co-founder of Constella Intelligence. “Consequently, the availability of sensitive personal data empowers threat actors to launch cyberattacks against companies, institutions, and networks by targeting affiliated individuals and exploiting vulnerabilities at an individual level.”

Constella’s research and analysis details how cybercriminals exploit personally identifiable information (PII) to execute a host of attacks and illustrates how identity-based attacks like fraud, impersonation, or phishing exploit individuals and underpin risks like malware, ransomware, or coordinated disinformation attacks.

To download the full Constella 2022 Identity Breach Report click here.

Press Release

PANAMA and NEW YORK, March 24, 2022 /PRNewswire/ — Today, the United Nations Development Programme (UNDP) and Constella Intelligence released a first-of-its-kind joint publication that details some of the key debates that have been unfolding in the online public sphere of Latin America and the Caribbean around COVID-19 and reveals the risks that information pollution poses not only for the effectiveness of the pandemic responses but also for social cohesion and the functioning of governance systems.

The research publication titled, “Exploring COVID-19 online debates and information pollution in Latin America and the Caribbean” found that a significant amount of information pollution is created by repackaging, reframing, and reproducing content produced by mainstream media and that approximately 1.4% of the reviewed content in the region could be classified as information pollution. While the proportion may seem small, it corresponds to half a million items over four months, which has an outsized impact on vulnerable audiences. As part of the analysis, UNDP and Constella Intelligence took a deep dive into the significant volume of conversations related to COVID-19, revealing the true nature of online discussions during the pandemic to help identify vulnerabilities and inform strategies to counter the most harmful effects of information pollution.

The analysis explores the public digital sphere in Spanish and English languages from October 2020 to February 2021, capturing 37 million results from 4.4 million profiles across all public platforms including Twitter, Facebook, YouTube, Instagram, media domains, blogs, and other online communities. The report concludes that most of the information pollution originates outside the Latin American and the Caribbean region.

“UNDP has identified information pollution as a key issue that can affect multiple governance and development issues. In Latin America and the Caribbean, the battle against misinformation was already taking shape before COVID-19 and will likely continue to be a matter of significant concern for a long time to come. This report offers relevant insights based on new methods of research and analysis and provides actionable recommendations on how to promote information integrity in the short and long term,” said Luis Felipe López-Calva, UN Assistant Secretary-General and UNDP Regional Director for Latin America and the Caribbean.

The document recommends that all short and long-term responses to tackle information pollution should be carried out with human rights at the forefront. It is important that any solutions do not unfairly stigmatize users for legitimate use of the internet or unduly interfere with users’ human rights. To this effect, UNDP is supporting national partners to promote information integrity by strengthening the capacity of public institutions to promote access to reliable and accurate information sources; improving media capacity to effectively manage information pollution; increasing public resilience to information pollution; and developing evidence-based, proportionate and rights-based information integrity policies.

“The research conducted by Constella and the UNDP is a great example of the importance of public-private collaborations delivering insights into global and local trends emerging from the digital public sphere. That joint work is essential to halting the spread of multi-language information pollution. COVID-19 is just the tip of the iceberg,” said Alex Romero, Chief Operating Officer at Constella Intelligence.

The report also urges political leaders, government agencies, media, social media companies, civil society, religious and community leaders, influencers, and personalities to work together to counter information pollution regarding COVID-19, vaccines, and beyond in the region.

“This research is part of a global initiative to improve understanding on disinformation and how it impacts inclusive governance and peacebuilding in the contexts where UNDP operates. The knowledge we get from the report will be used not only in our regional responses but also to inform global policy discussions on the role of disinformation in the global south, which remains poorly understood”, says Arvind Gadgil, Director of UNDP’s Oslo Governance Center.

This initiative was supported and made possible by funding from the Government of Norway. Download the report here to gain insights into key social media trends such as where information pollution originates geographically, how it spreads within and across borders, and which narratives have been propagated most effectively.

ABOUT UNDP:
UNDP is the leading United Nations organization fighting to end the injustice of poverty, inequality, and climate change. Working with our broad network of experts and partners in 170 countries, we help nations to build integrated, lasting solutions for people and the planet. Learn more at www.undp.org or follow at @UNDP. 

Press Release

LOS ALTOS, Calif., March 16, 2022 /PRNewswire/ — Constella Intelligence (“Constella”), a leading global Digital Risk Protection and Identity Threat Intelligence company, today announced the release of Phishing and Botnet Protection, a new service allowing for the real-time notification of personal data and credential harvesting. 

Constella Phishing and Botnet Protection is a unique service that allows partners the opportunity to alert their customers in real-time when their account credentials or personal data is being harvested, and before their stolen information is being used on the Deep and Dark Web. Phishing and Botnet Protection is an enhancement to Constella’s Intelligence API product. Until this release, no vendor has offered a real-time service around identifying credentials and personal information that have just been harvested by Phishing campaigns. 

“We are thrilled to be able to offer our partners this new service that will further ensure they are able to protect themselves and their customers from being victims of phishing and botnet attacks,” said Kailash Ambwani, CEO of Constella. “Phishing and Botnet Protection will be an essential addition to the array of products and services we offer for digital risk protection.” 

The two components, Phishing and Botnet, will work side-by-side through monitoring technology that detects and provides alerts when Constella’s end-user’s data has been stolen by phishing campaigns or botnet malware.   

With Phishing and Botnet Protection, partners and customers can immediately take protective measures to thwart a breach or abuse of the stolen information—minimizing the potential for financial loss and personal disruption. Customers of Phishing and Botnet Protection will also be prompted to reset passwords for compromised accounts before damage occurs and will have unique and immediate visibility into when they have been victims of an attack. This premium monitoring service will be immediately accessible for existing customers and can be effortlessly combined with other Constella Intelligence products to provide comprehensive monitoring and defense to further protect customers’ data and brands.   

“When consumers’ credentials, such as logins and passwords, are compromised in a breach, they often are not even aware that they’ve been compromised until after their credentials are spotted on the dark web, or after fraud occurs,” said Tracy Kitten, the Director of Fraud & Security at Javelin Strategy & Research. “Providing consumers with real-time, proactive notification of credential compromise, alerting them to change their passwords before their information appears on the dark web, will be essential in the coming years as phishing and botnet campaigns become more prevalent.” 

Press Release

LOS ALTOS, Calif., Nov. 18, 2021 /PRNewswire/ — Today, Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Identity Threat Intelligence, released their Financial Services Sector Exposure Report: 2018-2021 Findings and Trends. This report comes on the heels of Constella’s 2021 Identity Breach Report, and includes new and additional findings pertaining to exposures, breaches, and leakages within the financial services (Finserv) sector, specifically focusing on employees and executives from the top 20 Finserv companies on the Fortune Global 500 list.

This industry-specific report examines data from January 2018 through September 2021. By analyzing identity records from data breaches and leakages found in open sources, and on the surface, deep, and dark web, Constella Intelligence’s threat intelligence team identified 6,472 breaches or leakages and 3,367,059 exposed records related to employee corporate credentials from the companies analyzed. The proliferation and circulation of this sensitive employee data enables threat actors with the necessary resources to execute a wide range of cyberattacks, including ransomware, impersonation, phishing, account takeover, and several others.

Report Finds Widespread Cyber Vulnerabilities for Top 20 Fortune Global 500 Financial Services CompaniesPost this

“This report should be a wake-up call for every bank, insurance company, stock brokerage, credit card company, and financial institution that they are attractive and viable targets for cyber threat actors,” said Constella Intelligence CEO, Kailash Ambwani. “Companies and individuals must take new precautions to protect themselves from threats with high potential to target employees as a vector to inflict reputational and financial harm.”

Financial institutions are home to an individual’s most sensitive and personally identifiable information, and this report uncovers the widespread prevalence of breaches in the Finserv sector, detailing the serious damage than can be inflicted on customers, employees, executives, and brands.

Key Findings:

• Constella identified over 3.3M exposed records from nearly 6.5K breaches and leakages between 2018 and 2021 from top 20 Global Fortune 500 Finserv companies analyzed.
   
• Two-thirds of breaches and leakages in the Finserv sector since 2018 include PII, with the most common attributes being email (100%) and password (72%).
   
• Finserv sector employees are incurring serious risk by using corporate accounts to register on entertainment, news, retail, gaming, and other technology and services sites.
   
• 70% of C-suite executives profiled from Fortune Global 500 Finserv companies have had their corporate credentials exposed in a breach or leakage since 2018. Of those executives exposed, 98% have been exposed in breaches that include PII, and over 40% had their passwords exposed.

“Left unchecked, this exposed data spells serious digital risk for financial services companies of all sizes,” said Constella’s VP of Threat Intelligence, Sean Tierney, who has worked in various cyber threat roles for companies such as Morgan Stanley, JP Morgan Chase, and UBS. “It may seem that major institutions are too large to be seriously affected by cyber threats, but that is far from the case.”

Constella monitors social media and the surface, deep, and dark web for identity-related breaches and verifies the authenticity of those data sets. Click here to download the report.

Press Release