“The information, it just sits there waiting for you to get it.” –Ngô Minh Hiếu, reformed cybercriminal
The Identity Theft Resource Center states that 2021 was a record year for data breaches in which 294 million people and businesses were victimized online. 83% of those breaches resulted in sensitive data being stolen, often because it was left unsecured online.
Exposing all this sensitive data is causing a serious issue.
TL;DR: There’s a bunch of exposed data online just waiting for cybercriminals to find it. Criminals are using that data to stock large databases of sensitive info they can use in various moneymaking schemes. Protect your data with Interplay.
At this point, most of us have a healthy suspicion about the internet. Sure, it’s a phenomenal tool that makes everything in life easier, more fun, more productive, and more efficient… but it’s also a playground for cybercriminals and scam artists. We all know it’s never a good idea to play fast and loose online with our credit card data, Social Security numbers, passport info, or other highly sensitive information.
However, many businesses are playing fast and loose when it comes to sensitive data. Worst of all, they often don’t understand the risks they’ve exposed themselves to.
Why? In our collective rush to move to the cloud a few years back, many business leaders forgot to take small cautionary steps during cloud data migration. A missed command here, an unchecked toggle there, a forgotten open port over there – and now in an investigation commissioned by ProPublica, an internet scan has uncovered 7.2 million exposed databases. Grayhat Warfare, a service that monitors cloud storage folders for dubious reasons, states that 8 billion folders are exposed across the cloud.
Each of those databases and cloud folders may contain quite a bit of sensitive data.
Of course, long-time readers of this blog understand that exposed data is a problem because it usually leads to a data breach. And by “usually,” we mean “darn near guaranteed.” A test by a Comparitech, a service that helps consumers better protect their online data, determined that when they intentionally left a database open, it was intruded just 8 hours and 35 minutes after it went live… and then was intruded 174 more times over the next 10 days. (The test finally ended when the database was hit by a ransomware attack.)
So, sure. Data left exposed is “darn near guaranteed” to lead to a data breach in as little as 8.5 hours, and breaches are a costly headache. However, mass data breaches cause more than just personal or business pain: they cause systemic pain.
Consider this: Since the beginning of the pandemic, tens of billions to hundreds of billions of dollars have been stolen from unemployment insurance payments because of ID theft. It takes surprisingly little information for a cybercriminal to successfully file unemployment claims under your name.
With the staggering numbers of massive, high-profile breaches that have occurred over the past few years, all the information a cybercriminal needs is probably already available to him/her/them. Since 2021 was a record year for data breaches, those criminals have more data to work with every day.
A wide range of cybercriminals are out to get data these days.
Some cybercriminals are sophisticated. These thieves saw an opportunity when businesses all leapt to the cloud en masse a few years ago, and they crafted a strategy to leverage that opportunity. Like your business or ours, they probably invested in some better hardware and targeted software so they could be first to market with their plans. (However, one big difference between them and us is that their investments were for things like automated ransomware software subscriptions. Ick.)
Other cybercriminals are NOT sophisticated. Just as businesses were leaping to the cloud a few years ago, students were sent home to learn remotely. Yup, that’s right: some enterprising middle- and high-school students spent their extra time at home watching YouTube videos about hacking. As it turns out, you can get a great introduction to simple yet effective hacking tactics if you just have the time to watch endless YouTube.
“[Hacking] is coming from kids with internet access and the ability to run a Google search and watch YouTube videos.” – Troy Hunt, cybersecurity expert and founder of the impressive cybersecurity alert system haveibeenpwned.com
Whether the data breaches come from state-sponsored attacks, sophisticated criminals, or bored and malicious youngsters, the fact is that the criminal underground is amassing a treasure trove of data. Their efforts went into high gear in 2021.
Perhaps you’re shaking your head because you’ve done your homework and you know that each hacked database or file folder will only have a smattering of data about a smattering of people or businesses. You’ve worn enough hats over the years as the leader of an SMB to understand quite well how much time and effort it would take to collect and collate all that disparate data. You don’t think cybercriminals are organized enough to pull off such a massive undertaking.
You’re underestimating today’s cybercriminals.
Just like all the business pundits, modern hackers understand that “data is the new gold.” Whether they sell data, ransom it, use it for blackmail, or leverage it for identity theft to steal unemployment checks, cyberthieves are determined to squeeze every ounce of value out of the data they’ve stolen. They even use data to barter with other cybercriminals. Alison Nixon, the chief research officer at the awesomely named cybersecurity counterintelligence firm Unit 221B, says that hackers will build a huge collection of leaked databases and “trade them like Pokémon cards.”
In the stress of the pandemic, the mess of working from home, and the rush to cloud services and storage, many businesses are unintentionally exposing their databases and files online. Here in tech-centric Seattle, there may be quite a bit more data being exposed online by businesses than in less techie places.
Your organization may be exposing some of that data.
Data laws are heating up across the US and here in Seattle, and it’s inevitable that the business cost of data breaches will soon increase exponentially. In the meantime, however, it’s important that you carefully investigate all your data and determine where it is, how it’s being used, and where it’s exposed and why. Not only does this exercise help you avoid the costs and hassles of data breaches, it also significantly improves your cybersecurity because it empowers you to use Zero Trust methodologies.
We’ve talked before on this blog about how ransomware is like vampires but, really, cybercriminals are like vampires. They can’t get in unless you leave the door open and invite them in – but once they’re in, they will drain you dry.
Don’t unintentionally (or intentionally!) leave the door open for cybercriminals. Instead, figure out how you can bar the door and keep them out.
For 20+ years, the friendly and knowledgeable IT services team at Interplay has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.