The media repeatedly reports that “cybercriminals are attacking companies and publishing stolen data on the darknet.” But what exactly is this data? Why does it pose a threat to companies?
Once cybercriminals have gained access to a company network, they attempt to steal as much information as possible. To do this, they first spread further throughout the network (after successful initial access) in order to obtain particularly sensitive data.
As soon as access to network shares, file servers, or even SharePoint folders is gained, as much data as possible is stolen from there (i.e., transmitted to the attackers).
This data can then include everything that the company has stored.
However, as this statement is somewhat vague, we have listed a few examples here:
Any correspondence that has been saved can be exposed by a cyberattack. In this example, the correspondence contains not only a customer’s address details, but also login details for an administrator account.
Copies of identity cards and birth certificates are also frequently published on the darknet. These may originate from job applications, for example, or have been submitted due to marriage or the birth of a child.
Data leaks affecting your own company can also occur at the service providers (of all kinds) you use. The screenshot from a data leak at a payroll service provider illustrates this impressively. Here, employees’ salary information is suddenly freely accessible.
This is only a small sample of the data that can be found on the darknet. Ultimately, anything that companies and their employees store can be leaked there.
This poses a threat to companies when sensitive data that was not intended for public consumption ends up on the darknet. It is not only the company’s own employees, whose ID card copies can now be misused by criminals, who are upset. The company may also face legal action if it emerges that the data was not adequately protected against unauthorized access. And competitors, who now have detailed insights into the company’s operations, can also use this information to their advantage.