What do scammers do with your stolen data?

Nowadays, it’s an understatement to say that cyberattacks must be taken seriously. According to IBM’s 2019 Cost of a Data Breach Report, businesses suffer losses of $3.92 million on average from a data breach. For companies with less than 500 employees, this is a crippling loss. And with an average of six million enterprise records breached every single day, it’s no wonder that this year’s World Economic Forum Report warns that cyberthreats are the fourth greatest risk to world economies.

The most expensive loss in any cyberattack is the information stolen. According to Verizon, 76% of breaches are financially motivated. Wendi Whitemore, Global Lead for IBM X-Force Incident Response and Intelligence Services, agrees, saying, “Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses.”

To protect digital assets from cybercriminals, businesses must have a multi-layered approach to cybersecurity like Spectrumwise’s 7 Layers of Security. Made up of information security policies, physical security, network and systems security, vulnerability programs, access control measures, data protection and backup, and system monitoring and testing, this comprehensive security solution covers every vulnerability that can lead to a possible breach.

However, Spectrumwise also understands that any effective cybersecurity strategy involves understanding what hackers do with stolen data and outsmarting them at their own game.

They use it for fraud

Businesses handle and store personally identifiable information (PII) typically belonging to customers and employees. These include parents’ names, dates of birth, passport numbers, addresses, medical histories, social security numbers, or any information that helps identify an individual and can’t easily be changed. Some well-known instances of criminals stealing PII include effectively impersonating individuals with their stolen information to obtain medical insurance benefits or to make illegal online purchases.

Businesses that store large volumes of data are therefore at risk. In fact, Varonis says that 41% of companies have over 1,000 sensitive files with PII that are largely unprotected, making them very attractive to hackers.

To greatly minimize the risks, businesses must observe security best practices: have different passwords for multiple accounts and change them periodically, delete dormant customer data, and store mission-critical files across multiple secure data centers, to name only three.

They sell it on the dark web

The dark web is where stolen data is sold to buyers who will use them to commit identity theft and other types of fraud. The greater the demand for particular sets of data, the higher their price. Conversely, a huge supply such as a massive hack will lead to diminished prices.

With the daily occurrence of data breaches, prices tend to vary wildly. Credit card data will cost between $13 and $21, while bank account login information can sell from $100 for a $2,000 account to $1,000 for a $15,000 account. Electronic medical records can net $350 to thousands of dollars each, while a scanned passport or driver’s license sells between $10 and $35 per document

They hold it for ransom

Hackers can also encrypt your data without your permission, rendering it useless until you pay a ransom. This tactic is deployed via ransomware, a type of malware that locks the user’s files until they are unlocked by the perpetrators. Meanwhile, crypto-ransomware is a type of ransomware that encrypts files and forces users to pay the ransom through online payment methods in exchange for the decryption key.

Companies that get hit by ransomware will likely lose crucial business and customer information and suffer from noncompliance penalties, damaged reputation, lost profits, and the like.

The best defense against ransomware is a business continuity plan that includes risk assessments, automated backup, and advanced disaster recovery. This proven cybersecurity strategy protects business data by regularly securing copies of it in well-protected off-site data centers, so you can simply ignore the ransom demands and retrieve copies of the locked files from your data centers.

At Spectrumwise, our clients’ IT infrastructure is well protected by comprehensive security solutions that cover every possible entry point and vulnerability. Our experts have years of experience keeping IT systems safe and can implement a security strategy for you. Call us today.


Contact Us

"*" indicates required fields

This field is for validation purposes and should be left unchanged.