While the world’s attention remains fixed on the COVID-19 pandemic, data breaches quietly continue to affect companies of all sizes. From small businesses to the Small Business Administration, from Marriott International to Nintendo, stay-at-home orders and economic slowdowns haven’t stopped cyber thieves from swiping credentials and stealing information.
But what is it that hackers actually do with that stolen data to put businesses at risk? Much of it is exposed on the dark web, a network of online communities often used for criminal activities. Digital credentials—usernames, passwords, and other information used to log in to email accounts, social media platforms, and banking services—are some of the hottest items on the dark web.
Often, they’re traded, sold, or disclosed at a dizzying rate, making one breached password a gold mine for bad actors. And if a computer user relies on that same password to log in to multiple accounts, that digital credential can be traded, sold, and disclosed, again and again, from one cyber thief to another. That puts any information accessed by that computer user at enhanced risk.
Unfortunately, at this point in time, it’s more a matter of when than if a breach will impact you. In 2019 alone, security experts estimate that nearly 8 billion pieces of information—login passwords, phone numbers, email addresses, and financial accounts—were stolen. In the first quarter of 2020, healthcare data breaches doubled as the coronavirus pandemic swept the world.
More than 5 million guest records were compromised when Marriott suffered a hack in January. Nearly 8,000 small businesses had their information exposed when the Small Business Administration was attacked in the first days of the Emergency Injury Disaster Loan Program. And yes, hackers even targeted Nintendo, which has seen a spike in users during quarantine, stealing login details for 160,000 accounts.
Part of it is because hackers are so relentless. But part of it is also because computer users can be careless with their information. Cybercriminals can use brute-force hacking tools to crack passwords in seconds, while phishing emails, keylogging embeds, and credential stuffing offer other entry points to critical information.
Using the same password for multiple accounts is a major security issue, too. Cybercriminals can easily deploy automated protocols that reveal userX@thiswebsite.com uses the same password as userX@anotherwebsite.com. Password spraying tools then test lists of stolen credentials on multiple sites, allowing hackers to quickly compromise new accounts, even on websites that have strong cybersecurity measures in place.
Most companies don’t have the tools at their disposal to monitor the dark web for stolen credentials. Luckily, CMIT Solutions deploys intelligent services that combine human review and automated scanning to identify, analyze, and proactively analyze traffic on the dark web looking for any stolen credentials related to your business.
If passwords are hacked, our network of technicians spread across North America gets to work protecting your business. We track any usage of stolen credentials and mitigate access to other accounts connected to them. We monitor dark web chat rooms, transfer networks, and botnets 24/7 looking for compromised data. We watch cybersecurity trends closely, tracking updates about new phishing scams and malware twists. We scrutinize changes to data breaches and privacy law compliance to make sure our clients are secure.
To keep your company and your employees safe from the dangers of cyberattacks and the dark web. CMIT Solutions understands how dangerous data breaches can be during these unprecedented times—and we work hard to prevent them from impacting small and mid-sized businesses across North America. Want to protect your data before it’s too late? Contact us today.