May 2022 | by Lili & Felix
Everything is easier online. Whether organizing a conference, paying your business’ suppliers, or checking news from the stock exchange, the internet saves us time and effort. Unfortunately, that’s just as true for more sinister activities as well.
Like the theft of sensitive company data.
Back in the exclusively offline days, thieves had a harder time getting their hands on sensitive information. For example, if a competitor wanted to have a peek at your brand’s trademark-protected designs, they had to send in a corporate spy to physically access your offices.
Today, when a vast amount of sensitive information is stored online, thieves have a much easier time. Instead of an elaborate con involving spies and dark alleys, people with malicious intent can access sensitive data by various ways, including hacking into your system or stealing your login credentials.
Or, even easier, they can check if someone else has already stolen it and simply buy it online.
Information is one of the highest valued commodities today. No wonder that the number of incidents is rising: according to the 16th Annual Data Breach report issued by the Identity Theft Resource Center, 2021 saw 68% more data breaches at businesses than the previous year. These incidents have affected 294 million people and exposed 18.5 million sensitive records.
This, of course, comes at a price: according to IBM’s report, the cost of a single data breach in 2021 amounts to $4.24 million, increasing from $3.86 million calculated in the previous year. IBM found that compromised credentials caused the most breaches, around 20% of the total amount.
Verizon’s 2021 Data Breach Investigations Report discovered that a significant amount, 28% of data breaches affected small businesses, with the rest targeting larger companies. External actors carried out the majority, 70% of incidents, with organised crime groups being involved in 55% of data breaches.
Unfortunately, this also means that a significant amount, 30% of breaches are conducted by internal actors, a.k.a your employees.
Examining the effect of data breaches on a company’s performance on the stock exchange, Comparitech found that immediately after news of the breach reached the public, share prices dropped by 3.5% on average. But the downward spiral doesn’t stop there: as a serious long-term effect, breached companies tend to underperform the stock market by 15% even three years after the attack.
Despite these dire figures, half of all affected organisations (e.g. businesses, public authorities, educational institutions, etc.) only spend between 6-15% of their IT budget on security measures.
As the Verizon report pointed out, your competitors are not the only ones after your data. In fact, stealing business data is a business: both individual hackers and organised crime groups have discovered the lucrative side of acquiring and selling corporate data to interested parties.
Twitter, LinkedIn, Facebook, Yahoo, Marriott, Quora, eBay, Capital One, and countless other companies (and their clients!) have been affected by significant data breaches over the years. In 2022, giant corporations like Microsoft, Crypto.com, and even the Red Cross fell victim to data breach attempts with varying success.
Once acquired, thieves tend to post stolen data on various webfora, including specific marketplaces both in the “regular” internet and on the darknet.
For example, a site with roots in both the light and the dark web is called Genesis Market. As an investigative report by CBS News puts it, “the Genesis Market is an easy-to-use online shop that sells login credentials, cookies and device fingerprints, website vulnerabilities and other sensitive data that help hackers thwart security protocols.”
Unfortunately, we can corroborate the CBS report. As our clients are not immune to data breaches, we’ve come across Genesis and several other similar sites in our work as online brand protection experts.
It is indeed easy to find and purchase login credentials to a wide variety of software and public institutions on Genesis.
Screenshot of genesis.market listing available access credentials to various companies
It’s important to note that stolen access credentials don’t necessarily mean the company in question has been hacked. In fact, it’s entirely possible that clients of that company’s subscription service (e.g. users’ Netflix or Instagram accounts) were hacked and it’s their compromised login credentials that are up for grabs.
And let’s not forget that stolen login data is only the first step in a devastating domino effect. Once an email address that is used for verification purposes is compromised, fraudsters have access to everything you verify with that email, like bills and bank transfers, not to mention all the data you keep stored in that email account…
It’s usually easy to detect when your offices were physically broken into. A shattered window, a bent lock and disrupted files are all telltale signs of unauthorized access. But what about a data breach?
Sophisticated hackers can get in and out without leaving any discernible signs that they’d ever been there. Brands are none the wiser and only learn about the attack when stolen credentials begin to circulate on the net en masse.
In fact, according to Comparitech’s findings, over 60% of incidents are only discovered several weeks after the initial attack. It’s easy to see why: unless you’re specifically looking for stolen data, you won’t easily stumble across it.
Don’t worry, we don’t want you to don a black ski mask and start scouring the darker corners of the internet. Luckily, there’s an easier solution.
globaleyez can do it for you.
Our versatile marketplace, image, domain, app and social media monitoring services are geared towards detecting IP infringing content on the internet. Depending on your brand’s specific requirements, we can monitor marketplaces like Genesis and various domains where your stolen company data may resurface.
A round of regular checkups can help you detect if your business has been compromised. Swift detection allows for swift action, limiting the potentially devastating consequences of a data breach and giving you control of your brand’s sensitive information.
Don’t let undiscovered data breaches destroy your company.