Insights • Blogs/Articles

Data and the Darknet: the unwanted side-effect of digital transformation

Where there are people, there is data. When the people are flocking online at an unprecedented pace and digital innovation drives new, creative and untested online uses of personal data it becomes difficult to control. Where there are people and data, there is data theft and fraud.

Digital transformation was the buzzword of 2020, as the developed and developing global population was forced online to interact, consume and entertain. Digital transformation drove the collection of huge volumes of data (personal and financial details, passwords, behavioural data and much more), creating a perfect playground for cybercriminals to steal it and sell it or use it for fraudulent purposes.

Whether it’s the theft of identity data, account access password information or the stealing of bank and credit card details, data breaches and cyber attacks are becoming endemic, with 117 publicly recorded security incidents in October 2020 alone, resulting in at least 18.4 million user records breached (source: itgovernance.co.uk).  Of these attacks, a significant number were data breaches and the theft of financial information by hackers who subsequently sold the data on the darknet.

The value of stolen data on the darknet varies, but some high-profile examples from 2020 reveal that, for data including high volumes of personally identifiable data (PII) and financial information, there are buyers willing to pay big premiums. Data stolen includes names, addresses, email addresses, phone numbers, passwords (encrypted and unencrypted), all of which generate significant criminal value when used as weapons to defraud unsuspecting consumers.

As an example, according to research from cybersecurity firm Digital Shadows, in December 2020 over 15 billion stolen account credentials were being sold on the darknet, including 5 billion never sold before. From their analysis, researchers found that the volume of stolen credentials had risen by 300% since 2018 and noted that accounts, which allow infiltrating the critical systems of an organization, are auctioned and can fetch an average price of over $3k while the most valuable batch recorded was auctioned for $120,000.

To learn more about how we work, or to discuss the Sekura approach with any of our team, Contact Us.