According to the Identity Theft Resource Center, the number of reported breaches dropped from 1,362 in 2019 to 1,108 in 2020 [1]. At first glance, it may appear we’re getting ahead of the malicious actors who perform these breaches. However, the way in which cyberthieves obtain our information is changing: ransomware and phishing attacks are now the preferred methods of data theft. In a more connected world where flexible working environments, such as working from home, have become more common, organizations are continually at risk in new ways. Cybercrime remains the primary motivation for breaches, and its share grew from 83 percent to just above 85 percent in 2020 [2].
In a BKD webinar, “More Connected, More at Risk: Addressing Cybersecurity Concerns for Your Organization,” we examined how compromised data is often sold on the dark web. The dark web is a part of the internet not readily accessible through traditional browsers such as Internet Explorer, Safari, or Chrome, thus requiring an anonymizer, such as a Tor (The Onion Router) browser, to access.
The dark web is vast and contains different types of sites, including:
- Discussion forums and chatrooms – Where common vulnerabilities and information about organizations are shared. This is where hackers often discuss plans for attacks against organizations and recruit other members.
- Paste sites – A place for large data dumps. These may include previously compromised and other dated information. Remember, nothing put on the internet ever truly goes away.
- Marketplace – The most common type of site on the dark web where illicit and other items are for sale. These online shops provide:
  - Drugs and paraphernalia
  - Stolen credit cards
  - Compromised health information
  - Personally identifiable information such as personal records, passports, and driver’s licenses
  - Hackers for hire
Stolen credit cards, which compose the majority of items for sale on the dark web, only sell for an average of $1 each. This is because financial institutions have improved the response time for deactivating stolen card numbers, meaning the cards may not even be usable—and if they are, they may only be good for one or two purchases before they’re deactivated.
Other data, such as health identities, can go for $50 or higher, as buyers can use this information for various services, including routine healthcare checks, prescription drugs, and even medical procedures.
A growing threat to organizations is the use of shadow IT. Shadow IT refers to IT-related software or hardware used by employees that’s outside the organization’s ownership and control. This can include software applications, services, or wireless devices. Typically, employees use shadow IT with good intent, such as to perform their duties more efficiently. However, they unwittingly expose their organization to a potential cyberattack. Since these items aren’t purchased through regular IT procurement channels, security is overlooked. As the usage of shadow IT continues to grow, especially with the increase in remote work during the COVID-19 pandemic, it is imperative for organizations to recognize this threat and establish policies regarding technology usage.
While the internet poses numerous cyberthreats, here are five actions you can take to help mitigate your cyber risk:
- Know your inventory – Understanding what inventory you have and how it’s used to process data is key. An important part of this is the classification of data. Identifying which information is more critical to protect can help your organization classify the systems and databases that support this more sensitive data. It also can help your organization prioritize these systems and better invest in the security budget.
- Educate your team – Technology isn’t a substitute for employee, board, executive, and vendor education. It’s important to document and distribute your security policies. Let them know about the risk of shadow IT products, and advise them on how to acquire what’s needed through the appropriate channels. Another key step is to develop a robust incident response program that you annually review and test.
- Limit access – The principle of least privilege is crucial when it comes to both physical and virtual access. Organizations should control administrative privileges and limit access to only those functions an individual needs to perform job tasks. Don’t forget to maintain good physical security as well. Make sure guests, service delivery personnel, and vendors are properly vetted and escorted when in sensitive areas of your facility.
- Plan, prevent, and prepare – Consider implementing controls to help mitigate the potential risk caused by your fellow workers, such as locking laptops when they’re away from their workstations and filtering out suspicious emails addressed to employees. This also is a great opportunity to look out for shadow IT products that may exist in your environment. Another step is to develop a cyber incident response program with a policy that’s communicated across the organization. You also can consider cyber insurance, if you don’t already have it.
- Establish backups – Implement a regularly scheduled backup program that meets your organization’s needs and records retention requirements. It’s recommended that your backups be stored at a different location to provide better security. There are benefits to using cloud-based backups. Also remember to back up not just the data but the applications as well.
BKD Cyber is dedicated to helping organizations assess their cybersecurity risks, improve their cybersecurity protections, and respond to a breach. For more information, reach out to your BKD Trusted Advisor™.
[1] Identity Theft Resource Center, “2020 End-of-Year Data Breach Report”
[2] Hackmageddon, “2020 Cyber Attacks Statistics”