Cybercrime can be a lucrative business. While some criminals want bragging rights among other hackers, most cybercriminals want to make money—and for cybercriminals, data brings in the gold. While many criminals use ransomware to extort people, lots of victims won’t pay the ransom to have their data unlocked. So many criminals steal data and resell it on the Dark Web.
But just how much does the data earn them? Today, we’ll cover that—and you’ll see why managed services providers (MSPs) are prime targets for criminals looking to score a quick buck.
How much does that go for?
Any market has its prices. Just like the stock market, data on the Dark Web sells for different prices depending on the day and the value of the information. While it’s impossible to tell exactly how much the data sells for—it’s an illicit transaction, after all—some security companies track how much they’ve seen individual pieces of data go for.
The Dark Web Market Price Index - 2019 (US Edition) by Top10VPN shows the following prices (in United States dollars):
- $1,200 for someone’s full online identity
- $259.56 for bank details
- $16 for T-Mobile accounts
- $9.12 for Facebook accounts
- $5.87 for Gmail accounts
Top10VPN has a good discussion on their page, so it’s worth viewing the original data. However, we wanted to highlight a few key takeaways (note: we are not affiliated with Top10VPN).
It’s probably no surprise—financial data (like banking information and debit cards) gets the most on the Dark Web. This information lets criminals get money directly from their victims. Bank details could lead to criminals opening accounts in victims’ names and ruining their credit.
Additionally, you should be alarmed by the low prices for T-Mobile, Facebook, and Gmail accounts. Each of these accounts can lead to further compromises—whether it’s using an email or social media account to phish for your contacts’ banking info or leveraging your phone to intercept SMS-based two-factor authentication (2FA) messages while resetting other accounts. Also, be aware this information is for common services accounts. The index doesn’t track business services like Salesforce credentials and can’t track internal corporate accounts like one of your customers’ corporate email accounts—which could be used for very targeted spear-phishing campaigns.
Of course, cybercriminals want to gain a large return on their work. If they steal singular accounts, they may not make a ton of money, but if they make off with a large data haul, even cheap accounts can add up. As a result, cybercriminals often look for the biggest steal with the least amount of work—making IT services providers of all stripes prime targets. With access to so much data, your IT business can be a goldmine to these criminals. So what do you do?
Protecting your clients’ data
If you want to help keep your clients safe from cybercrime, you need to protect their systems and yours. In fact, cybercriminals are increasingly targeting service providers since they have access to multiple organizations’ data. If they can compromise your MSP once, they often steal enough data to net a tidy sum on the Dark Web.
So, as a provider, the following tips may help you protect your customers:
- Deliver security based on risk: Some of your customers’ user accounts carry more risk. For example, if someone compromised the email of a billing specialist, they could use that account to phish the customers. So, start with a security baseline when you build out a security program for clients, then add more safeguards like additional authentication steps and account monitoring around risky accounts.
- Check your own security: Remember security starts with you. While you likely already do a good job of protecting your customers’ environments, your security needs to be even tighter. It should go without saying you need to implement several layers of technical controls on your systems including endpoint protection, automatic data backups, and email protection. You should also keep up-to-date with the latest patches. However, there’s more to the story—you need to set, train on, and implement sound security policies for your own team. For example, you want to implement a strong policy for offboarding employees who leave, including shutting down account access, collecting company equipment, and taking back any keys or passes for the building.
- Follow password best practices: Protecting your customers’ data often comes down to how well your team follows best practices around their passwords. Your team needs to set strong, unique passwords for their accounts and avoid reusing passwords across services. Additionally, you’ll want to frequently force password resets, so they don’t become stale.
Don’t be the weak link
Cybercriminals know the more data they can take, the more money they can make. And as an MSP or MSSP, your job is to keep your customers’ data safe.
You probably already take a lot of precautions to keep your customers’ systems safe—but how well do you enforce your own security? If one of your team members’ accounts gets compromised, it could be catastrophic to your customer base (and to your long-term business viability). So it’s important to make sure they use strong account credentials.
SolarWinds® Passportal is built to help you enforce password best practices across your team. You can automatically generate strong passwords for accounts, set policies around password refreshes, and quickly grant or revoke access as needed. With strong passwords being an essential part of data protection, SolarWinds Passportal can be an essential weapon in the fight to keep your customers, and ultimately your business, safe from harm.
Guest blog courtesy of SolarWinds MSP. Read more SolarWinds MSP blogs here.
