Knowing what cybercriminals do with stolen data is more than just a matter of curiosity. It’s an important part of understanding how they operate and what’s at risk. Among the most common misconceptions is that it’s always about direct financial gain, but that’s an oversimplification. For example, a medical record is typically worth a lot more on the black market than stolen credit card information, simply because it contains a wealth of personal information that can be used for identity theft.
While identity theft is itself deeply concerning, it’s what comes after that companies really need to worry about. Data breaches can have devastating effects on companies, their employees, and their customers. And, contrary to popular belief, stolen data doesn’t always end up in marketplaces on the dark web. Sometimes, it may be sold to rival companies, used by state-sponsored attackers, and more.
Personally identifiable information
Personally identifiable information (PII) refers to any record (either digital or hardcopy) that contains information that can be used to identify a specific individual. It may include names, birth dates, home addresses, phone numbers, and social security numbers. Such information is worth a lot to cybercriminals since it lets them impersonate others and do things like obtain state benefits or carry out highly targeted and personalized social engineering scams. In other cases, less-regulated forms of PII may be sold to unscrupulous marketing firms specializing in spam campaigns.
Unsurprisingly, financial information is an obvious target for cybercriminals, although it’s not the most valuable. After all, payment cards can be blocked the moment they’re reported lost or stolen, and they’re of limited value to criminals who don’t know the PIN code as well. That doesn’t mean it’s not a major cause for concern, though; stolen financial information can still be sold on the black market for creating counterfeit payment cards or, worse still, siphoning money directly out of victims’ accounts. Financial information may be used for identity theft as well or even be held for ransom.
Patient health information
Healthcare information is highly sensitive in nature, not just from a privacy standpoint, but also for security. Because medical records contain confidential data like social security numbers, they may be used for identity theft. In fact, patient health information (PHI) is typically worth 10 times more on the black market than personal credit card details. Criminals may use it for social engineering scams, extortion, or even for ordering medical equipment or drugs, which can be resold on the street. Because of these risks, PHI is protected by HIPAA and HITECH, which set out the security and privacy standards organizations must adhere to.
Your company’s intellectual property is often its most valuable internal asset, and while having it stolen might not impact customers directly, it can cause massive damage to your business. Cybercriminals often target digital intellectual property for piracy, which can eat away at your revenues, but that’s far from the most serious threat. Rival companies or even state-sponsored attackers might also try to steal intellectual property for their own gain. In other cases, leaks are deliberately perpetrated by insiders to discredit a company or publicly disclose pre-release products for personal or financial gain.
In any reasonably secure environment, all the above will be kept under lock and key, typically behind a set of user credentials. To open up a path to the most valuable data, hackers often target login names and passwords. Major cyberattacks often involve the compromise of entire databases of user credentials, which might then end up on the dark web. To reduce the chances of user credentials being stolen, businesses must protect their accounts with at least two user verification factors, rather than rely on passwords alone.
Tech Squared helps businesses keep ahead of the threats and add value with dependable IT solutions. Get in touch today to find out more.