Account Takeovers Exposed: Key Statistics You Need to Know

Account takeovers (ATO) have become a significant concern for organizations of all sizes and industries. These attacks are an especially damaging form of identity theft and fraud in which a threat actor gains access to a user’s account credentials. This puts the organization at risk of leaking sensitive information and falling prey to fraudulent requests for financial transactions. To make matters worse, these attacks can go undetected for months.

ATOs can occur in various ways—through session hijacking due to authentication token theft or forgery, traditional phishing, social engineering, credential stuffing, or even SMS or voice phishing. In essence, these threats are enabled by a combination of advanced attack methods and weak security measures.

To shed light on the prevalence and impact of account takeovers, we’ll delve into the latest statistics surrounding this type of cyber threat. By understanding the scope of the problem, businesses can better prepare themselves to detect, prevent, and mitigate the risks associated with account takeovers.

Unfortunately, account takeovers have become increasingly common over the past year. A quarter of companies (26%) say they are targeted by an ATO attempt each week.

Thankfully, not every ATO attempt is successful. Many are stopped by keen-eyed security teams or stymied by sophisticated cybersecurity solutions. Due to the high frequency of these attacks, it’s important for organizations to prioritize stopping ATOs in their tracks.

On average, it takes 11 months to resolve a breach caused by stolen credentials, according to the IBM 2023 Cost of a Data Breach Report. This includes 240 days to identify the breach and another 88 to contain and resolve it. That’s almost a year, and each day is another opportunity for the attacker to harm your organization.

One of the reasons for the long life of these attacks is that 67% of organizations are not detecting account compromise on their own, making it crucial for organizations to leverage third-party cybersecurity solutions to help address ATO.

Organizations with a large number of employees offer threat actors more surface area for attacks. In fact, companies with more than 50,000 employees have a 60% chance of a successful ATO each week.

Successful attackers can then burrow deeper into organizations through emails, third-party applications, sensitive files, and more based on their privileged status. And with such dispersed networks of remote workers or employees across multiple offices, it’s easy to miss potential warning signs.

Even top-tier companies are susceptible to ATO. In fact, they may even be hot targets for threat actors who recognize the value and reputation of these organizations. Nearly 80% of Fortune 100 organizations have at least one compromised account, according to Abnormal data.

Executives and members of financial services organizations are obvious targets. But attackers will compromise any account they can in hopes of climbing the corporate ladder, so to speak, with additional attacks against other employees.

In addition to the frequent and widespread occurrence of ATO, it also bears a hefty price tag. According to the aforementioned IBM report, the average breach caused by stolen credentials costs organizations $4.62 million. That’s a substantial hit to an organization’s wallet and potentially a fatal hit to some.

ATO attempts are frequent, costly, and difficult to detect, making them a top concern for organizations and security professionals.

Abnormal is an advanced security solution that detects compromised email accounts and unusual or malicious user behavior. By recreating the crime scene in detail, Abnormal provides security teams with conclusive evidence to take action. Better still, Abnormal proactively kicks attackers out of hijacked Microsoft 365 accounts and remediates emails sent from compromised accounts. With total visibility into internal-to-internal email traffic, Abnormal prevents lateral phishing attacks often associated with ATO.

In the same way that you can cancel credit cards or debit cards before a thief has the opportunity to use them, Abnormal helps security teams take proactive steps to stop ATO. Abnormal can even detect ATOs already hidden within your network, thereby providing full defenses for your organization.

Interested in learning more about account takeovers and how you can stay protected with Abnormal? Schedule a demo today!