I like to explain what I call the Breach Timeline. First thing you must know, most of the time, cyber criminals don’t know(or care) who their target is! They are after 1 thing and 1 thing only, MONEY $$$. The lower hanging the fruit is the faster and easier they make money.
They go online to the dark web to buy blocks of IP addresses. Then using automated software, they scan each of these IP addresses for vulnerabilities.
Vulnerabilities are “holes” in your network devices or computers or other devices. Once a manufacturer is aware they send out fixes for these “holes”.
Once they locate some external vulnerabilities. They focus on them to see if they can make their way into the internal network. At this point they are repeating the scanning phase but internally. They are still likely using automated processes to perform this task.
Once they get inside the network, they look at each device to determine what kind of data is on them. Is there any PII, PHI, Routing/Banking information, Drivers Licenses, and etc… Each of these has a value on the dark web.
Let’s take for instance you have a spreadsheet with 1000 clients names. Each row has Name, Address, email address, physical address and cell number. That is 1000 pieces of data they can sell.