We've updated our Sexual Harassment Courses to include changes to The Worker Protection Act
BLOG ARTICLE
Last updated: 29.08.17

How much is your business's data worth to cyber criminals?

Most businesses these days cannot fail to be aware of the increasingly significant risk that cyber-crime poses to their operations. In the past, the threat of hackers was only seen as relevant to a small percentage of tech-focused companies, but in this modern connected era, there are few organisations that do not see data theft as one of the biggest dangers they could face.

However, the field of cyber security is also unfortunately characterised by a significant gap between awareness and action, with many firms failing to take their data protection responsibilities seriously enough. In some cases, this may simply be because they don't quite realise how valuable their information can be to cyber criminals - or just how much damage that data can cause if it falls into the wrong hands.

As such, it may be worthwhile for businesses to do more to educate their staff on the value of stolen digital data and the ways it can be misused - that way, staff might be able to get a better understanding of why it's so important to be as vigilant as possible about cyber security at all times.

What kind of data is most frequently bought and sold?

The nature of data theft was recently highlighted in a report from Keeper Security, which demonstrated the wide range of different information types that cyber criminals are keen to get their hands on.

Naturally, credit and debit card data are popular targets for theft, with hackers often selling large bundles of information that include not only the card numbers and security codes, but also dates of birth, credit scores and limits, mothers' maiden names and guidance on specific geographies of usage.

Additionally, passwords for online payment service accounts tend to be widely circulated, with the cost of stolen data increasing based on the balances in the accounts, while personal health information and electronic medical records are also frequently targeted, as this kind of sensitive data can be used to undertake massive insurance fraud or carry out blackmail schemes.

What value do criminals place on this information?

Generally speaking, the cost of stolen credit card data is roughly £15 to £30 - or the equivalent value in bitcoins - with prices rising for EU, Canadian and Australian credit cards, or those that come with a very complete set of information about the cardholder.

Bank login credentials vary in price from £100 for access to accounts with £2,000 or less, to upwards of £1,000 for accounts containing £15,000 or more. Meanwhile, the amount criminals will spend on electronic medical records can fluctuate from £100 to £350, depending on supply and demand.

If these amounts seem like less than you might think, it's worth remembering what this implies - that prices are coming down because hackers are finding it so easy to steal the information, and that fraudsters can get access to more data for less money than ever before.

How do they get away with it?

What makes this trend especially troubling is how easy it has become for cyber criminals and fraudsters to buy and sell their stolen wares, with relatively little danger of discovery.

This is because most of these illicit transactions take place on the so-called dark web, a hidden part of the internet that can only be accessed using special software that masks the identities of users.

Once there, criminals can browse collections of stolen data as they would with any other ecommerce site, leaving ratings for other users and taking advantage of the essentially anonymous nature of bitcoin transactions to get what they need with limited risk of their activities being traced.

What can businesses do to stop this?

Given the thriving and lucrative underground business that has sprung up around information theft, it's never been more vital that legitimate organisations are doing everything they can to protect their vital data.

That means investing in cyber security training and making sure that all members of staff - from management down to the rank-and-file - are all adhering to the same rigorous data protection standards. Investment in sophisticated security technologies is all well and good, but it'll make little difference if your workers haven't been drilled on the basics, such as how to create strong passwords or avoid common scams.

By making the effort to improve performance on this crucial front, businesses can do their bit to protect themselves and choke off the cyber criminals' lucrative lifestyles at the source.

Summary: Stolen digital data can be worth a considerable amount to online cyber criminals - so it's vital for businesses to make life hard for them by taking cyber security as seriously as possible.

Source
What is the value of stolen digital data?


Related resources