Nearly half of all cyber attacks are committed against small businesses. Hackers are looking for customer data (credit card information, bank account information, medical records, etc.) to steal so that they can sell it on the dark web in large batches. When a business is breached, and customer/employees' records are stolen, you lose your customers/employees' trust. If your business is the target of a breach, it’s important to contain that breach as quickly as possible. This is why the DoD started enforcing NIST 800-171 Compliance within the past week.
The dark web is a hidden network of websites that gives visitors complete anonymity. It isn’t indexed by search engines and requires that you download and use a special browser called Tor. Tor is a web browser that renders your IP address undetectable and unidentifiable. The scarier part of that is how the hacker's IP is undetectable. This is how people sell your information online. They use Tor as a way to connect with people anonymously to find other people looking to purchase peoples personal information.
Most sites on the dark web have been set up by criminals and scammers who sell illegal goods, services and information. Sensitive information like username and passwords, social security numbers, medical information, credit card information and more is stored and sold on the dark web. Every day 6,452,266 records are stolen and the majority of those end up on the dark web.
Here’s what a few common pieces of information sell for:
These prices vary over time based on supply and demand. If there is a lower supply of social security numbers available for purchase, the price will go up because the information is more valuable at that time.
If you're a private contractor working with/for the DoD, you have most likely heard about NIST SP 800-171 before. You've also probably only changed your passwords maybe a handful of times in your life. Most of those were probably only reset because you forgot the password. This is why the DoD made NIST SP 800-171 a requirement if you still want to do business with the DoD. You have 18 months to become compliant, or you're subject to lose any contracts with the DoD, along with any new contracts. We will help you do this.
Sources:
These Stories on Compliance