Being the victim of a data breach is every company’s worst nightmare. The consequences of having data stolen can be huge for businesses of any size. As well as causing financial loss to contain the breach itself, data theft can lead to operational downtime, reputation damage and even legal action. But what actually happens to your data once it’s in the hands of cyber criminals?
Anthony Green, CTO of independent cyber security firm FoxTech, has spent years designing, implementing and monitoring some of the most secure systems in the UK. He provides an insight into what hackers really do with the company data they steal. Anthony says:
“Unsurprisingly, stolen data is almost always leveraged to commit further crimes. Most hackers will either sell your data (to others intending to use it for further criminal activity) or use your data to commit further crimes themselves.
“According to the 2021 Verizon Data Breach Investigations Report, around 90% of cyber criminals are motivated by financial gain. If you realise your system has been breached, it’s difficult to predict exactly how your stolen files will be used because there are many different ways that threat actors can make money from your data.”
FoxTech provide their guide to the most common ways that cyber criminals use stolen company data for their own gain.
Sell it on the dark web
The dark web is a division of the internet, which is only accessible using special software, and makes its users untraceable. Stolen data is big business on the dark web, and data sets can come with a hefty price tag.
“Some types of information have a higher value than others, based on its potential to provide a return on investment – meaning how useful it is for lucrative criminal activity. So, when cyber criminals steal a large data set, they will comb through it, making an inventory of its contents and determining its value.”
Personal information can be packaged up and sold in bundles on marketplaces that function in a similar way to the popular internet. Research conducted by Quartz found that stolen identities sell for between USD $1 – USD $450. Prices varied based on factors like the seller’s reptation, reliability and quality. Quality can refer to a number of things such as:
- Is it a full set of personal data, or only partial?
- If it’s a credit card, how good is the credit score?
- How recently was the data stolen? The more recent the breach, the more valuable the data
Use it to commit identity theft
Personal data sets can be accessed or purchased by users on the dark web. Businesses that hold multiple types of sensitive data about each of their customers – such as names, addresses, bank details, driving licenses or passport information – are particularly vulnerable to their data being used for identity theft.
With this data, cyber criminals can open new accounts in other people’s names, make purchases, obtain official government documents, or take out loans. Cyber criminals use fraudulently obtained money to buy anything – from everyday items like pizza and clothing – to purchasing and re-selling electrical goods, or even buying property or taking out a mortgage.
Hold you to ransom
When a hacker has gained network access and located your data, they might decide it would be more lucrative to use it to hold your company to ransom. Usually, the attacker will encrypt your files, making them inaccessible, and demand payment for their return.
“Once a company’s IT ecosystem has fallen victim to ransomware, it can be a difficult and expensive problem to deal with. It’s imperative to create a cyber security incident response plan, which indicates a trusted third-party cyber security partner to contact in the event of a ransomware attack.”
Use it to impersonate your company
As well as stealing the personal data of your customers, hackers may also look to steal company data, such as employee login credentials and payment detail. They can then use this information to carry out impersonation attacks, such as email spoofing, where the attacker sends malicious phishing emails which appear to be from your organisation.
Another increasingly common threat is Business Email Compromise attacks – where hackers impersonate an organisation’s CEO to persuade employees or clients to redirect large payments to their own accounts.
Anthony provides his final advice to businesses worried about cyber attack:
“Unfortunately, as soon as your data is in the hands of cyber criminals, what happens to that data is out of your control. That’s why its so important to have the right preventative measures in place. Particularly important are vulnerability management (locating and fixing publicly disclosed security holes), and security monitoring.
“Security monitoring involves having your in-house IT security team, or an independent cyber security firm regularly scanning your system for suspicious activity. The IBM Security ‘Cost of a Data Breach Report’ found that it takes, on average, 207 days between a hacker breaching your system, locating sensitive data and a final attack taking place. This means that frequently scanning your system is one of the best ways to pick up a breach before any sensitive data has been located and stolen.”
- 90% of cyber criminals are motivated by financial gain: DBIR Report 2022 – Master’s Guide | Verizon Business
- Stolen identities sell for between USD $1 – USD $450: The price of a stolen identity on the dark web — Quartz (qz.com)
- 207 days between a hacker breaching your system and a final attack being launched. IBM Security “Cost of a data breach” survey: IBM Registration form