Cybercriminals don’t operate in silos, so businesses can’t afford to either. Rather than targeting single breaches, criminals piece together exposed data from multiple sources — blending personal and corporate information, past and present — to infiltrate systems in ways companies often fail to anticipate. 

Yet many companies still focus primarily on collecting and analyzing the exposed data they know about, such as stolen PII from known data breaches like the National Public Data breach. While this is a valuable cybersecurity practice, it doesn’t account for the full scope of risk as bad actors have no such boundaries and are able to access users’ data through various known and unknown avenues.  

For instance, an individual might have a few social media accounts, an account for their home mortgage, a former corporate account, a popular online retailer login and other profiles often unknown to businesses. The average corporate user has 57 usernames and 141 credential pairs across 146 exposure records tied to their identity when viewed holistically, and consumer identities fare far worse for exposure, with averages of 105 total usernames and 227 credential pairs across 229 records. Gaining access to any of these profiles gives cybercriminals a wealth of information on the individual and takes what they have in their personal or former life to use against their professional world through phishing attacks, infostealer infections and more.

A lack of visibility into these parts of a user’s online persona creates significant security gaps for businesses. For example, recent analysis of recaptured darknet data revealed that 74% of individuals have at least one exposed IP address across their many online services. Criminals can use exposed IPs to mimic trusted IP addresses and infiltrate enterprise networks. Security managers may not know this is happening until it’s too late simply because they don’t have transparency into all of the services and applications those individuals use.  

With the line between corporate and personal online accounts continuing to blur, businesses must gain a comprehensive view of their users’ online presence to minimize risk. This requires moving beyond traditional user identity monitoring, which is limited in scope, in favor of a broader approach that favors action based on users’ holistic online identities.  

What are Holistic Identities? 

An identity has been defined thus far as a distinct and individual digital representation of a user, device, or entity within their networks and systems. Organizations can control how these identities access corporate resources and monitor them for potential issues.  

However, there is a vast and interconnected web of darknet-exposed information that extends far beyond corporate oversight. Our information indicates that cybercriminals routinely exploit users’ social handles, credit card and banking data, passport information, personal email addresses and other non-corporate data. Much of this information is “hidden” or has been considered inapplicable to corporate security teams in the past. Still, an infiltration that targets any of these exposes the individual in question, which in turn exposes the business they work with or for. 

That’s why organizations must extend their security monitoring to understand and correlate users’ holistic identities, which incorporate the full extent of exposed identity data across many online personas. A holistic identity can be highly complex and include multiple exposed accounts and data points across different applications, platforms, and websites. Cybercriminals can use this same information to initiate account takeovers, fraud and other nefarious activities. 

Building a Holistic Identity 

Building a holistic user identity involves asking questions outside the norm of a typical cybersecurity approach: 

• How many online personas does an individual have? 

• Have any of those personas been exposed in a breach? 

• What data about an individual is in criminals’ hands? 

• How exposed is the enterprise? 

A holistic identity approach to cybersecurity uses data from many sources to illuminate hidden exposures. Collecting and analyzing information from malware victim logs, phished data and known data breaches helps identify the information criminals have accessed and whether users’ personal or professional information has been compromised.  

It is critical to correlate this information with users’ online profiles and determine if they’ve been compromised. The best way to do this is to tie together common authentication data and PII, such as shared passwords across unrelated usernames, but with connected IP addresses and phone numbers. 

Businesses can then take immediate steps to mitigate the impact on their networks. For example, they can force password changes to corporate systems when exposed passwords tied to a user’s past or present personal and work accounts have been reused, recycled, or compromised. This is increasingly important today as password reuse is on the rise: in 2024, 70% of users exposed in breaches reused old, compromised passwords across multiple accounts. 

Businesses can also proactively thwart potential cyberattacks like ransomware, which often begin with social engineering. Cybercriminals use exposed PII to craft convincing phishing attacks, impersonate employees, deliver malware to extract even more identity data and manipulate victims into granting access. By targeting holistic identities, businesses can uncover these exposures before attackers exploit them. Businesses can also determine the risk posed by their suppliers through the exposures of their employees’ holistic identities. This is increasingly important as third-party vendors are the point of entry in many attacks. 

Meeting Cybercriminals Where They Are 

Users’ identities are a top attack vector representing significant corporate risk. According to a survey by The Identity Defined Security Alliance, 90% of organizations reported an identity-related breach in 12 months from 2022 to 2023.  

Businesses must take the threat of identity-based attacks seriously and adapt their cybersecurity practices to address this challenge. They must break loose of the confines of traditional cybersecurity infrastructure to meet cybercriminals where they are, gain a better understanding of users’ online personas and uncover risks that exist beyond their current line of sight.