Security tips: How to prevent leaked data and the next big breach

By Bev Robb, IT consultant

Data breaches can become a company’s worst nightmare and in 2015 it is quickly becoming the scourge of our times.

Leaked data

A few months ago I discovered a treasure trove of personal data in a Darknet forum that was leaked in the form of redacted spreadsheet files. Though these files were free for the taking (for any member that frequented this forum) – there is now an un-redacted version of the database that includes credit card data that is currently selling for a premium price to anyone who can pay the bitcoin.

As of this writing: AlphaBay, a Darknet market, is currently selling unique user profiles from data leaks that can easily be used for identity theft purposes. They are the type of profiles that can be used for bank accounts, bank drops, and bank loans, ID verification, PayPal accounts, tax purposes, and much more.

There are also forums that discuss the latest and greatest data leaks. I hang out in these forums. Though most of the transactions are made in the markets and through private messages (PMs), when a hacker releases a sample of fresh data or a (rare) redacted dump, the atmosphere in these forums can be likened to a jamboree. It becomes celebration time.

When a new hacker offers a fresh data dump (in the forums) he or she can become an instant celebrity (if the hacker was virtually unknown before); while an esteemed hacker will continue onward in a blaze of virtual glory.

Hackers for hire

Hackers for hire is nothing new. There are plenty of sites that offer professional hacking services in a secure and discrete setting. Sites such as Hackers List try to make the process of hiring the right hacker simple and worry-free. According to their website: Each hacker undergoes a review process and must maintain a minimum of a three-star rating and must also pay the site a percentage of any project they are hired.

Higher tier sites such as Cryptohackers offer Certified Ethical Hackers that are alleged to be highly skilled in hacking websites, email, social media sites, mobile device and cell phone hacking, and also offer custom-tailored hacks.

Premium hackers also operate on the Darknet and I2P, they are well known by their reputation and hacking savvy. Though, the most exclusive five-star hacker-for-hire is extremely difficult to contact — to hire one of these elite hackers — you have to know somebody who knows somebody and you have to jump through plenty of hoops.

Data breach tips

According to the 2015 Verizon Data Breach Investigations report there was more than 7 million vulnerabilities exploited and 2,122 confirmed data breaches in 2014. With phishing techniques becoming more sophisticated, the report also stated that 23 percent of users still open phishing emails, while 11 percent open the attachments.

Blogger Gill Press recently stated this at Forbes:

“To prevent the continuing loss of money, reputation, and customers, companies must make stopping cybercrime a team effort, internally and externally. Collaboration is the essence of preventing data breaches and responding to them effectively.”

Press also recommends companies should invest more in educating their customers in security best practices and what they should do in case of a data breach. In the same breath, companies should also invest more in employee education and keep a close eye on the possibility of insider threats.

If a data breach does occur: Swift, straight-forward, and up-front communication is imperative in order to guard against reputation and credibility damages. With so many data breaches happening around the globe lately — customers appear to simply be shrugging them off.

Do you think customers are suffering from data breach exhaustion?

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

About the Author: Power More