2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis.
Nonetheless, stolen data has value beyond a price tag, and in risky ways you may not expect. Evaluating stolen records is what Lab 1, a new cyber monitoring platform, believes will make a big difference for long-term cybersecurity resilience.
Think of data value this way:
- Stolen credentials can become future phishing attacks
- Logins for adult websites are potential extortion attempts
- Travel and location data are a risk to VIPs and senior leadership,
- And so on…
Hackers could retaliate for non-payment by simply posting their loot to forums where the data will be available for further enrichment and exploitation.
Shining a light on dark places
Even though your company may not have suffered a direct breach, your data may already be on the Dark Web. That is why Lab 1 gets hold of available data and contextualises it to assess risk.
The Dark Web started off as a closed network to protect dissidents. Now half of it is a popular backwater for criminal activity. According to the IMF, data marketplaces are the second most popular activity after pharma and recreational drugs.
Industry research in 2022 also found more than 24 billion username and password combinations on sale on the dark web, up from 15 billion in 2020. But there can be other records – intellectual property, accountancy documents, employee records and more.
Breaches end up being marketed by hackers with data descriptions and auction demands, often in Bitcoin. By getting hold of these records, no matter their value or half life, Lab 1 builds a picture of risk exposure.
You may not think of your supply chain as a source of cybersecurity risk, but you should. 53% of organisations have had a data breach caused by third party information theft, according to Ponemon Institute.
Data breaches can and do spread outside the perimeter of your business. That's the insight that drives the Lab 1 platform. In an interconnected business, the tools you use, the agencies you hire, and the subcontractors you use to perform everyday business are all potential vectors of attack.
Say you're a client of a software vendor, and their stolen data pack includes code access to the servers of various clients, it's likely to include yours. Or what if trip details of VIP customers get leaked and they're about to show up at an important conference?
Monitor your supply chain
Fallouts from cybersecurity breaches don't have to be inevitable. Lab 1 monitors, alerts and analyses data breaches across a company's entire supply chain by finding and contextualising data found on forums, messaging platforms and Dark Web marketplaces.
Using Lab 1, organisations can "follow" the companies they work with and get alerted if any of them have been breached that would pose a risk. This can be particularly useful for breach insurance and other risk-related provisions.
Because Lab 1 is finding new data entities by the second – 24bn to date – and is adding them to CiGraph, its graph database, the monitoring is continuous.
As and when incidents are recorded or data becomes available, Lab 1 systems provide a near-real-time alerting service called Blast Radius. It allows security teams to dig deeper on what happened.
Control the network effect of breaches
Every incident generates fallout that impacts other companies, sometimes in their thousands. Lab 1's Fallout service details this network effect and how companies you follow (including your own) are impacted.
Lab 1 also details history, risk quantification, and recommended remedies, based on the nature and size of the breach. Helping to prevent attack, manage damage and view live risk quantification across thousands of suppliers, with the intention for businesses to build more robust supply chains.
To find out if there's a hidden data breach that involves your company, go to https://www.lab-1.io/, where CiGraph may yet reveal a Dark Web secret you didn't know you had.