hello and welcome to another application of the minor attack framework discussion.
Today. We're going to be looking at our case study on collection now.
The phrase for this particular discussion today is what is the pot of gold or what's the pot of gold?
So items of interest typically the threat Actors targets toe hold for ransom targets to sell access to so your internal infrastructure. Your office 365 10 it
dated to sell could include credit card information, medical data, any type of personal information. Really?
So all of these areas are of interest to a threat
actor. Now, some of these breaches from 2019 or maybe not on the scale for you is a small business or midsize business.
But you have to keep in mind that some of these organizations likely have the capability
to provide the type of controls that should protect sensitive information overall. But things happen to any business bigger, small and so, looking at these numbers, you have to imagine what the payday waas for these threat actors and so capital. One
160 million records, even 100 million records Door dash 4.9 potential
records 108 million on the last X Server, third party, Facebook at 540 million items for sell on Dream Market. This is a number of multiple domains. 620 million. We're talking billions
of records billions, even if those
at 50 cents a record,
you're talking about $500 million
but they're not. They're way more than that. And so the potential pound here is huge. This is why we are struggling day in and day out with threat actors. And we're struggling with this kind of black market where data is being sold constantly and our information is being exposed constantly. So
you're a smaller organization,
if you've got 100 records that are stolen and they're worth 50 bucks a pop, 20 bucks a pop, that's still
Tom well spent for a threat after. If you don't have records that are of benefit, your systems are still valuable to a threat actor. Because they could be used to serve up illegal content, they can be used to attack other organizations. There would be nothing more embarrassing for a local business.
Have the FBI show up and sees your equipment because it's being used to attack government entities. It's being used to serve up content. It's being used. Teoh
do any number of things. And so you don't wanna have to defend yourself in a court of law. You don't wanna have to worry about these things. And so you need to start asking yourself what's out there on my systems? That would be worth money to a threat. Actor
All my systems worth money to a threat actor How are my systems exposed to the Internet?
And what can I do today to kind of sure my systems up and make sure I'm doing my due diligence? Because these numbers don't lie. People. There is value in this type of information. There's value in what these threat actors air collecting and taking from these organizations. And if you think that any of us
whether it's a personal system that you use at home or your business systems, if you think any of those air immune you're living in a fantasy. So you have to start considering even
in the most, uh, small of waste how your systems could benefit a threat actor. So start taking those things into account in your day to day life in your day to day use of systems and your business use of systems. Whatever it may be, we need to start thinking about how do we protect ourselves, and how do we make the job of threat actors that much
harder in the long run?
So with that, I want to thank you for your time today, and I look forward to seeing you again soon.