Just how secure is our data?
Most companies have complex and efficient security protocols to defend against potential external cyberattacks but the largest threat maybe from within the company. Most security breaches reported nowadays are due to human touchpoint error. The recent cash app data breach is also an example to consider, with an estimated 8 million users whose data has been breached due to an internal employee leaking sensitive information. While there will certainly be legal action taken against the employee but ultimately the question arises at what cost? The data of those 8 million people is already out in the open, which may include personal and confidential details.
The leaked data ends up on the dark web available to the highest bidder. This data can then be used in other ways to gain more information. In this particular case, the data leaked was about traders, and other trading apps may use this data to undermine the present business. Since trading data is leaked, other companies can gain access to customers into their own ecosystems; illustrating an example of “Data is the new weapon”.
Understanding the Dark Web allows companies to help its customers, clients, and safeguard its own resources.
Tracking Threats: Most underground attacks are planned in forums of these dark web sites. These notable attacks can be planned on an organization, persons of interest or VIPs. To understand these threats, we need to understand the market, which includes forums, reputations of notable hackers, the market of data being collected, etc. By continuously tracking and monitoring these threats, they can be mitigated beforehand and we can undertake necessary precautions.
Passwords/Credentials: This is the most common of all, when a data breach contains passwords it increases the value of data being sold threefold, so this is the most targeted type of data. Once an unauthorized person gains access to these credentials, they can emulate users and bypass security systems. By continuous monitoring of any potential data breach, companies can identify the threat beforehand and take quick action by notifying the affected users to reset their passwords.
Cyber Fraud: This is the case where payments details like credit/debit cards, phishing information, and counterfeit goods are sold, By monitoring these types of data companies, companies can act fast and mitigate the threats. Notable products sold include phishing kits in which you can target unsuspecting users, Another fraud in recent times is Gift Card fraud where these gift cards are traded as a form of payment across criminal forums, dark web markets, and dark web sites.
These data breaches may happen due to the weakest link in a company which is why cybersecurity awareness for all employees is critical. In essence, employees are the last line of defense for any company. While technology can eliminate most attacks, it cannot completely eliminate threats. This is why it is everyone’s responsibility to remain updated on the latest cybersecurity measures placed by your company which may also help save your personal data! Go over the following questions and think about the security in your own home:
How secure is your internet connection while working with personal data?
Are your smart home devices secure enough to store your WiFi credentials?
Do you own an Echo/Google Smart Home Assistant? Are you certain they are not always listening? Check if your device has a mute button – do you always press it to discuss sensitive data?