Cybercrime starts and ends with thieved information.
According to ITProPortal, the cybercrime economy could be bigger than Apple, Google and Facebook combined. The has full grown into an organized market that is probably more profitable than the drug trade.
Criminals use innovative and state-of-the-art tools to steal dark web links information from large and small organizations and then either use it themselves or, most common, sell it to other criminals through the Dark Web.
Small and mid-sized businesses have become the objective of cybercrime and data breaches because they don’t have the interest, time or money to set up safeguarding to protect against an attack. Many have thousands of accounts that hold Personal Identifying Information, PII, or intelligent property that may include patents, research and unpublished electronic assets. Other small businesses work directly with larger organizations and can serve as a website of entry similar to the HVAC company was in the objective data breach.
Some of the brightest minds allow us creative ways to prevent valuable and information from being thieved. These information security programs are, for the most part, defensive in nature. They basically put up a wall of protection to keep malware out and the information inside safe and secure.
Sophisticated cyber-terrorist discover and use the organization’s smallest links to set up an attack
Unfortunately, even the best defensive programs have holes in their protection. Here are the challenges every organization faces according to a Verizon Data Breach Investigation Report in 2013:
76 percent of network intrusions explore weak or thieved recommendations
73 percent of online banking users recycle their account details for non-financial websites
80 percent of breaches that involved cyber-terrorist used thieved recommendations
Symantec in 2014 estimated that 45 percent of all attacks is detected by traditional anti-virus which means that fifty-five percent of attacks go hidden. The result is anti-virus software and defensive protection programs can’t keep up. The criminals could already be inside the organization’s walls.
Small and mid-sized businesses can suffer greatly from a data breach. Sixty percent go out of business within a year of a data breach according to the National Cyber Security Alliance 2013.
So what can a corporation do to protect itself from a data breach?
For many years I have strongly suggested the execution of “Best Practices” to protect personal identifying information within the business. There are basic practices every business should implement to meet the prerequisites of federal, state and industry rules and regulations. I’m unfortunately very few small and mid-sized businesses meet these standards.
The second step is something new that most businesses and their professionals haven’t heard of or implemented into their protection programs. It involves monitoring the Dark Web.
The Dark Web holds the secret to slowing down cybercrime
Cybercriminals freely trade thieved information on the Dark Web. It holds a wealth of information that could negatively impact a businesses’ current and prospective clients. This is where criminals go to buy-sell-trade thieved data. It is straightforward for fraudsters to access thieved information they need to imbed business and conduct nefarious affairs. A single data breach could put a corporation out of business.
Fortunately, there are organizations that constantly monitor the Dark Web for thieved information 24-7, 365 days a year. Criminals freely share this information through forums, blogs, websites, message boards, Peer-to-Peer networks and other black market sites. They identify data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access. The amount of sacrificed information gathered is incredible. For example:
Millions of sacrificed recommendations and RUBBISH BIN card numbers are farmed every month
Approximately one million sacrificed IP addresses are farmed every day
This information can stay on the Dark Web for weeks, months or, sometimes, years before it is used. A corporation that monitors for thieved information can see almost immediately when their thieved information shows up. The next phase is to take aggressive action to clean in the thieved information and forestall, what could become, a data breach or business identity theft. The information, essentially, becomes useless for the cybercriminal.
What would happen to cybercrime when most small and mid-sized businesses take this Dark Web monitoring seriously?
The effect on the criminal side of the Dark Web could be crippling when the majority of businesses implement the program and take advantage of the information. The goal is to establish thieved information useless as quickly as possible.
There won’t be much affect cybercrime until the majority of small and mid-sized businesses implement this kind of offensive action. Cybercriminals are counting on very few businesses take aggressive action, but if by some miracle businesses wake up and take action we could see a major affect cybercrime.
Cleaning up thieved recommendations and IP addresses isn’t complicated or difficult once you know that the information has been thieved. It’s the businesses that don’t know their information has been sacrificed that will take the biggest hit.
Is this the best way to slow down cybercrime? What do you this is the best way to drive back a data breach or business identity theft — Option one: Wait for it to occur and react, or Option two: Take offensive, aggressive steps to find sacrificed information on the Dark Web and clean it up?