Levon Gasparian is CEO of Infopay, a data technology company, and founder of IDStrong, an identity verification and protection service provider.
Big companies have deep pockets. You would expect that they would be better able to protect themselves against online threats. However, numerous data breaches affecting major public companies have littered the dark web with personal information of top executives.
Crisis leads to cybercrime
In turbulent times like these, threat actors benefit from the unrest and instability. Current events divert attention from these criminals operating in the dark, resulting in ransomware, service outages and data breaches across multiple sectors. No matter the size of the company, no one is immune to these dangers.
In the past year, Constella discovered 66,000 data breaches (download required) and more than 42 billion personal records leaked on the dark web. This data circulates on the Internet, revealing people’s names, email addresses, phone numbers, IDs and passwords, along with more sensitive data such as social security numbers, credit card details and passports. Cyber criminals are using this data at an alarming rate for fraud, identity theft and other crimes.
Threat actors like to target high-level executives, and as of 2018, according to Constella, 78% of a pool of 120 (C-suite) executives had lost their credentials in a data breach. The industries hardest hit are banking and finance, healthcare and business.
The credentials themselves can also be the target. About 60% of data breaches arise from stolen login data, which adds to the concern.
Constella’s intelligence report found that email addresses (88.7%) and passwords (62.8%) were the most frequently stolen. Then came names, phone numbers, usernames, addresses, and other PII.
Cyber criminals link this metadata to exposed details of social channels (Facebook, Skype, MSN, LinkedIn, Twitter, etc.) to profile and target specific individuals by learning about their family status, hobbies, locations, relatives and more. These advanced harvesting techniques prove successful with high-level executives.
Other risk factors
Despite the dire warnings, companies still store passwords in plain text. According to Constella, about 22% of the passwords found were readable without any encryption. Weak password security management puts individuals and businesses at risk. Once a hacker has credentials and breaks into the network, they can go undetected for months.
The Constella report confirms that the cost of stolen dark web credentials has increased by 178%, making them more valuable and worth the increased risk. In addition, entire databases of stolen information are sold on the dark web, for example the US Social Security Number Database and the breached 2021 T-Mobile database.
Fake Covid-19 vaccination card and test kit campaigns continue to circulate, trying to steal valuable personal data. Additional ongoing risks include DDoS attacks, defacement, data breaches, ransomware, advanced persistent threats (APTs) and targeted phishing campaigns.
Tips to protect your sensitive data
Top executives are now more at risk than ever before. One in three data breaches leads directly to the firing of people who have lost their credentials. The best prevention is education about how these threats arise, checking for warning signs and taking preventive measures. Some tips to protect your sensitive data are:
• Tighten password policies and require multi-factor authentication for all employees.
• Keep regular backups offsite for easy recovery in the event of ransomware.
• Encrypt all data and passwords.
• Invest in training employees and executives on cybersecurity best practices, threat awareness and response.
• Implement advanced security protocols to protect personal data.
• Develop a response strategy and teach all employees how to implement it.
• Monitor systems 24/7.
Employees and executives
• Do not use business email for personal purposes.
• Do not give personal information to anyone who asks for it online.
• Change passwords for business and personal accounts regularly.
• Limit posting of personal information on social media and networking sites.
• Don’t click links in email or text messages if you’re not sure who sent them.
• Educate yourself about personal privacy and data protection.
• Notify your employer if you experience or suspect a breach.
• Alert all financial organizations involved and change bank or credit card account numbers.
Identity theft and fraud can have long-term consequences. As a leader, your life can be ruined by the online loss of personal information. It is not only your company’s job to protect you; you need to learn how to protect your data from theft and misuse. Take the necessary measures to protect yourself from cybercrime. As risks increase and tactics change, the solution remains the same: awareness, education/detection, and response.