As the world shifted to widespread remote work, the accompanying shift online opened up a plethora of new attack vectors for cybercriminals. As the lines between our personal and professional lives have become increasingly blurred, security awareness has become more critical than ever.
To capitalize on the move online, businesses in every industry have quickly augmented traditional channels with digital equivalents. As hackers seek new methods of attack, companies must ensure that their corporate data is secure from prying eyes. Nonetheless, despite horror stories of data breaches and information for sale on the dark web, consumers have become increasingly desensitized to the risks posed by cyberattacks.
According to research, 40% of people have no idea what the dark web is and are blissfully unaware of how their information could be compromised. As more of us spend time online, it's clear that consumers' casual attitude toward security is due to a lack of awareness. So, what exactly is the dark web, and how can we keep our data from falling into the wrong hands?
Data on Dark Web
In what would be one of the largest data breaches in history, sensitive personal information about over a billion people appears to have been leaked from a government agency and put up for sale on the dark web.
Names, addresses, national ID numbers, and mobile phone numbers, as well as police and medical records, are said to have been leaked.
Changpeng Zhao, CEO of cryptocurrency exchange Binance, stated in a Tweet, "Our threat intelligence identified 1 billion resident data for sale in the dark web," pointing to a glitch in implementation by an unnamed government department as the reason the data could be accessed.
Covid-19 Influence On CyberSecurity
The global COVID-19 coronavirus pandemic changed threat activity and tactics as fraud prevention teams scrambled to transition to entirely remote workforces, surge eCommerce transactions, and new trending fraud schemes.
Financial institutions faced a wide range of COVID-19-related cybercrime, including stimulus check fraud and new social engineering tactics that duped bank customers into providing personal and banking information. The US Federal Trade Commission (FTC) has issued a warning about coronavirus fraud involving more than USD 343 million. With a new round of stimulus checks on the way in 2021, this figure is set to rise yet again.
Coronavirus-related threats also wreaked havoc on the retail and healthcare industries. Retail cybersecurity teams had to deal with the rapid transition to online sales, as threat actors attempted to exploit misconfigurations such as SQL injections and other web vulnerabilities. Meanwhile, hospitals that were already overburdened with COVID-19 patients were left vulnerable to an increase in threat actor attempts to gain admin-level access to data and patient health information (PHI) to purchase or use in their extortion schemes.
How much is your data worth on Dark Web?
Researchers discovered that $1,010 can buy enough personal data to steal someone's identity.
Website for personal privacy PrivacyAffairs.com combed through dark web marketplaces, forums, and websites to compile an index of average prices for a variety of products.
And, even though the 'full set’ of data was valued at $1,010, the team discovered that online banking logins cost an average of $40, with full credit card details including associated data costing between $14 and $30.
Due to the high supply, US credit cards are valued significantly lower - $17 on average - than those of other countries. Israeli cards, on the other hand, cost $65.
After purchasing the data, criminals can purchase forged documents, such as high-quality driving licenses, for $400 each. A European national ID card costs around $500, while a US passport costs around $4,500.
Is your data available on the dark web?
According to last year's research, one in every four people would be willing to pay to have their private information removed from the dark web - and this number rises to 50% for those who have been hacked. While only 13% have been able to confirm whether a company with which they have interacted has been involved in a breach, the reality is that it is much more likely than you'd think - over 9.7 billion data records have been lost or stolen since 2013, and this number is only increasing.
Most of us have no way of knowing if our information is being sold online. However, solutions are now available that proactively check third-party databases for email addresses, usernames, and other exposed credentials, alerting users if any leaked information is discovered. Password managers are increasing including dark web monitoring functionality, indicating compromised sites, and providing links for users to change any exposed credentials. These tools help to raise security awareness and highlight the risks of poor password practices by informing users if their digital identities are compromised.
Cyber Awareness of Data Breaches on the Dark web
Detection is undoubtedly important in staying ahead of fraudsters, but it all starts with awareness. The majority of breaches occur as a result of simple mistakes that are easily corrected, such as using your Facebook password at work or having failed to change the settings of connected devices. At the same time, businesses must emphasize the importance of becoming cyber-aware and fostering a security-aware culture throughout the organization.
While some businesses have begun to reopen, many of us will continue to work from home for the foreseeable future. Driving cyber-aware practices should thus be a priority, requiring each department to collaborate and improve its security practices. The security challenge is ever-changing, and it is likely to become even more complex as digital migration continues. With the risks of the dark web ever present, we could all benefit from updating our cybersecurity practices. Using randomly generated passwords that are unique across platforms is a good place to start; from there, implementing solutions with built-in added privacy will help to prevent another dark web horror story.
As you can see, it is becoming increasingly important for you to safeguard and protect your online life in the same way that you do your offline one. This may appear to be an insurmountable obstacle, but with the right software and adherence to a few rules, it's not so difficult. Here are three easy tips to keep you and your data safe from hackers:
- Never provide confidential information when asked for it via email or phone. Employees of reputable companies would never request passwords, credit card numbers, or other sensitive information.
- Stay away from insecure and public Wi-Fi networks. If you still want or need to use one, connect through a VPN and follow our guide on the subject.
- Make use of a password manager. It will assist you in creating a secure password for each of your accounts and saving it so you don't forget it again.
Since 2007, Sun IT Solutions Managed It Services has been providing high-quality Toronto IT solutions and support services that meet our client's needs and budgets.
We are dedicated to providing long-term business value, security, and measurable results, and we hope to do the same for you.