Cybercriminals often take the path of least resistance to get their hands on valuable data. You might not make a huge payoff by dropping ransomware on a Fortune 500 company, but soft targets offer profitable payoff with a lot less effort and risk. In soft-target attacks, user data is the goal. Soft targets are those that hold a wealth of individuals’ data but might lack enterprise-class security. Recent targets have included hospitality organizations, municipal governments and agencies, schools, and small and medium-sized businesses.
Attacks on soft targets are often automated, making it fast and easy to go after stored programmatic data like shopping rewards accounts, property tax records, or student rolls associated with electronic device IDs. Targets might also be individual celebrities, high-net-worth people, business owners, or just everyday people. Data associated with someone’s movements, electronic devices, frequented locations, and associates can be parlayed into profit.
How? So what if someone knows all the Netflix shows I watch? A cyber crook might not care about your choice of shows, but the data associated with that account delivers a wealth of information—login info, address, phone numbers, email addresses, payment choices, schedule, and financial details. Now add in the fact that as of 2020, an audit of the dark web revealed more than 15 billion stolen credentials from 100,000 data breaches available to cybercrime actors. Approximately 5 billion are said to be unique, with no repeated credential pairs. It doesn’t take a lot to piece together enough data to take the next step.
“The next step” depends on the cyber criminal’s goals. These are a few examples of how this data is used—and some of them are pretty scary:
The point is, personal data is a huge target and there is no way of knowing exactly how it will be used. With every digital interaction, data is created and stored somewhere. If your business—or even you as an individual—are responsible for securing it, then you need to be aware of it and be able to effectively defend it. Get a handle on where data is proliferating and how it’s being used.
Let us show you how data surveillance works.