Chairman Pearce, Ranking Member Perlmutter, and distinguished members of the subcommittee. Thank you for the invitation to testify at this important hearing, “After the Breach: the Monetization and Illicit Use of Stolen Data.”
Cybersecurity is a constant and growing challenge. Although software is gradually becoming more secure and developers are creating novel approaches to cybersecurity, attackers are becoming more adept and better equipped.
And as the world embraces more digital and hyperconnected components, the paths become more numerous for attackers to gain access to our most sensitive information. Data breaches have become commonplace in the United States.
In 2017, more than 1,000 data breaches exposed over a billion records of sensitive data. From banking to retail, health care to entertainment, and even government, no sector is immune. Some of that information has been monetized by threat actors in flourishing underground markets.
These cyber black markets offer the computer-hacking tools and services to carry out cybercrime attacks and sell the byproducts stolen in those attacks: credit cards, personal data, and intellectual property. In other cases, the attackers keep the data for their own espionage purposes or use stolen funds to facilitate future operations.