Extract from HaystackID’s article “Left of Breach: The Strategic Shift from Cyber Response to Cyber Readiness”
The cybersecurity industry loves a good war story. Companies often claim they’ve been targeted by the most sophisticated nation-state actors as a way to suggest a breach was inevitable to help deflect adverse regulatory penalties. However, according to HaystackID Managing Director Jeffrey Fleming, this focus on exotic threats overlooks the bigger picture.
“Everyone wants to say China or another advanced persistent threat hacked them,” Fleming said in a recent interview. “But in reality, that’s probably not your actual threat. Your real risk might be Joe Schmo, a less sophisticated actor, or the disgruntled employee you upset last week. That’s who you need to be prepared for. That’s what can land you in regulatory hot water or facing punitive damages.”
This insight cuts to the heart of a fundamental problem in modern cybersecurity: organizations are preparing for the wrong fights while leaving themselves vulnerable to more probable, and often more damaging, attacks.
The Dark Web Stock Market is Changing
The cybercrime economy operates like any other market, driven by supply, demand, and profitability. Ten years ago, US customer data was digital gold: full identity records, or “Fullz,” complete with information such as your mother’s maiden name, dates of birth, and Social Security numbers, could command $30 to $50 per record on dark web markets, according to Fleming. Today, they average $5 to $8.
