If you are an American citizen over the age of 30, it is almost guaranteed that your home address, date of birth, social security information, and much more personally identifiable information (PII) is already exposed and being sold on the darkweb. While PII and credit card data is not quite a "dime a dozen", it's almost there. Nowadays, your personal data is packaged with others' and is a commodity available in bulk to any cyber criminals wanting it.
Unfortunately, the general public still believes that PII and credit card data are the primary targets of cyber criminals. While this information is still stolen on a regular basis, it is important for the public to recognize a bigger picture and threats posed by criminals around the world.
Most criminals are probably not specifically targeting you or your company, but without an effective security posture it is easy to be singled out. Mass scanning tools and distributed systems make finding security weaknesses easier for criminals than ever before.
This is a short list of common threats and attacks that occur when criminals find a security flaw in an organization's systems:
- Ransoms - Cyber criminals infect a single machine or entire organization's network with malware that encrypts all the data, making it unreadable without the key. This technique has proven highly effective for attackers and the threat continues to grow.
- Distributed Computing Power - Systems with weak security are often targeted in order to use the computing power at the will of the cyber criminal. When an attacker can execute software they've installed on thousands of machines, they can perform DDoS (Distributed Denial of Service) attacks on servers resulting in major outages. They can also use crypto currency mining malware to make a profit using other people's computing resources.
- Financial Market Manipulation - News of a breach can cause a significant drop in the value of a company. Cyber crime rings have been known to short stock of a company they've attacked, shortly before releasing news of the breach.
- Sell News of Breach - Reporters and media outlets are often happy to pay for news of a breach if it means they can be the first to report it to the public.
- Blackmail - It is common for an attacker to steal a customer list or other proprietary information, then demand a large sum of money from the compromised company. The cyber criminal threatens to sell the data or contact the customer list to diminish brand credibility.
- Email Access for Spear Phishing - Attackers gaining access to a company or individual's email system will often use that system to facilitate wire fraud or other malicious activities.
While a few cyber criminals focus on hacktivism and bragging rights, the vast majority are focused on generating income from targets of opportunity. It is important to realize there are many ways for criminals to profit from cyber attacks and they don't need to involve PII or credit card data.
When's the last time your company did a vulnerability scan? We offer a complimentary scan and consultation below!