top of page
  • Writer's pictureCarolyn Hughes

Online identity theft is a key driver of cyber attacks

New research from IBM has found that cyber attackers are using real accounts to gain access to IT systems and websites, instead of hacking into the system. This ‘path of least resistance’ means this method has seen an increase by a huge 71%, from the previous year. The report found that 50% of cyber attacks in the UK now involved the use of valid existing accounts.

The data from IBM’s X-Force Threat Intelligence Index explained that there are billions of account log in details, that have previously been hacked or stolen via malware, available to buy on the Dark Web, which are then being used by criminals to access accounts. Europe is the most targeted global region of 2023. 

In 2023, IBM’s X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information. In addition to this, data theft and leak incidents rose by a third (32%) in 2023.

Interestingly, the report also found that 84% of critical infrastructure incidents could have been avoided with cyber security best practice.  


This shows why creating secure passwords, as well as good password management within teams and businesses, is extraordinarily important. Being negligent in this area of cyber security can have a huge knock-on effect in terms of larger cyber breaches. 

DI Dan Giannasi, head of cyber and innovation at the NWCRC, said: “This is a very interesting but also highly worrying report from IBM, and it shows just how vital basic cyber security hygiene is for individuals and small businesses. 
“Cyber criminals are now preferring to use real people’s accounts, the details of which can be bought and sold online from huge data breaches, in order to compromise businesses online.
“Our advice is always that small businesses need to take password management and online account security very very seriously. 
“This means choosing a secure and hard to guess password, updating it regularly and when prompted, as well as updating software when prompted. 
“A good way of choosing a unique and secure password is the ‘three random words’ advice from the NCSC, which means selecting three completely different words, which make the password longer and stronger, and therefore much harder to hack.”

The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page