How Much is your Data Really Worth?
Another day, another data breach.
It seems like not a day goes by without hearing about another high-profile data breach being reported on in the press.
In recent weeks, Dixons Carphone, SingHealth, Fortnum and Mason, Ticketmaster and Costa Coffee have all reported large-scale data breaches that have resulted in the theft of valuable customer data.
A data breach typically occurs when an unauthorised attacker gains access to a secure database that contains sensitive, protected or confidential information.
In many cases this is a result of cyber breaches via hackers, malware and phishing that results in the loss of credit card data, personal health records and financial information.
There are a host of reasons why hackers want to get their hands on our sensitive data but, more often than not, it all comes down to money. Our data can be used to commit identity fraud, apply for loans or sold on to the highest bidder on the dark web.
The dark web provides the perfect platform for hackers to trade their stolen data without fear of reprisal or getting caught by the police. It can only be accessed using specialist software and any websites hosted on the dark web are encrypted ensuring they can’t be found using traditional search engines or browsers.
Most sites hide their identity using a Tor encryption tool which effectively hides their identity and activity. It can also be used to fake a location making it appear that the user is operating in a different country to where they are actually located.
The anonymity the dark web provides makes it a huge draw to those users who want to engage in illicit or fraudulent activities such as drug trafficking, gambling, selling stolen data, counterfeit goods, guns, and swapping child abuse images.
This vast underground criminal network operates 24 hours a day, 7 days a week, and is the ideal location for hackers to sell their wares and see how much of a profit they can make for their stolen data.
But how much is our data actually worth?
Surprisingly, not as much as you think! There are several factors that will affect the price your data fetches online but it all comes down to supply and demand. If there is a low supply of particularly valuable information, then this will obviously become more attractive to criminals.
There are also different prices placed on different types of data. One of the hottest commodities to buy in this underground network is stolen personally identifiable information (PII). This is data which can be used to identify or locate an individual and typically includes usernames, passwords and contact details.
Credit card information is one of the most commonly trafficked PPIs on the dark web and is sold for anything between £5 and £30 per card.
A recent report from Virtual Private Network (VPN) comparison service Top10VPN.com found that social media login details can be bought for as little as £1, whereas one of the most sought after stolen data sets includes PayPal login details, which can be bought for £297.
Image: Dark prices on web (Top10VPN.com)
But it’s not just our personally identifiable information that can be bought for rock bottom prices. Cybercrime tracker Recorded Future recently reported that it discovered a hacker attempting to sell secret documents about a US Military drone for as little as $200.
One of the main reasons our data is increasingly being traded at such low prices is because hackers can obtain it so easily. They use a range of tactics to break into networks to steal this sensitive data and we make it all too easy for them by using weak security practices.
As long as this bustling underground market continues to thrive, cyber-attacks will remain a constant threat to individuals and businesses across the world. There are however, a number of steps we can take to protect our data online:
1. Create strong passwords
Creating a unique password is one of the easiest ways to protect yourself from being hacked online. A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols.
2. Never click on suspicious links
The most common type of phishing scam involves tricking people into opening emails or clicking on a link which may appear to come from a legitimate business or reputable source. Signs of a phishing email include; a generic greeting, urgent or threatening language, a mismatched URL, a request for personal information or poor spelling and grammar.
3. Be careful what you post online
To reduce your chance of being hacked, think more carefully about what you post online. Take advantage of enhanced privacy options, restrict access to anyone you don’t know and create strong passwords for your social media accounts.
4. Install Anti-Virus software
Anti-virus software detects threats on your computer and blocks unauthorised users from gaining access. Software should also be updated on a regular basis to prevent hackers gaining access to your computer through vulnerabilities in older and outdated programmes.
5. Avoid using Public Wi-Fi
Public Wi-Fi requires no authentication to establish a network connection, allowing direct access to unsecured devices on the same unencrypted network. A VPN can be used to encrypt your internet connection making it secure and protecting your privacy. Other safety measures include turning off sharing, sticking to secure sites and switching off Wi-Fi when not in use.
Sign up for our fortnightly newsletter at https://www.cyberradio.com/ to keep up to date with the latest cyber security news and advice on how to keep you and your family safe online.