Cyber intrusions are rising as criminal tools spread and defenses lag, according to a new series examining the business of digital crime. The latest episode from The Indicator from Planet Money explores how data breaches have sped up, why entry costs have fallen, and what that means for patients, consumers, and companies.
The hosts frame the moment with a blunt assessment of the gap between attackers and defenders.
“The bad guys are getting badder faster than the good guys are getting better.”
The conversation looks at how breaches have evolved and why people without advanced skills can now participate. It also points to sensitive sectors like healthcare, where stolen records can ripple through patient care.
How Breaches Got Cheaper and Faster
Criminal kits now automate many steps once handled by experts. Off‑the‑shelf phishing pages, breach playbooks, and password-stealing tools cut learning curves and costs. Attackers can rent access to compromised systems or buy stolen logins in bulk. That turns a small outlay into a steady flow of attempts against many targets.
The hosts stress this shift has “supercharged” incident volume. More actors can try more things, more often. That scale gives even low-skill attempts a higher chance of success.
Crime-As-A-Service Lowers the Bar
One clear message is that you no longer need to be a coder to break in.
“You don’t have to be a hacker to get into the game.”
Marketplaces offer step-by-step guides and customer support for would-be thieves. Some services share profits with affiliates who spread malicious links or run basic scams. Others sell access to breached databases, which fuels identity theft and fraud.
This model mirrors legal software channels. It brings repeatable revenue for operators and easy onboarding for recruits. The result is a broader set of attackers and more persistent activity, even against small organizations.
Healthcare and Consumer Risks
The series flags healthcare as a sector at higher risk. Medical records include full identities, treatment notes, and billing data. When stolen, the damage can be personal and long term. Patients may face fraud, privacy loss, and disruption to care if systems go offline.
Consumers face familiar fallout after breaches. Identity theft can surface months later. Credit scores may dip after fraudulent accounts appear. Password reuse across services multiplies the damage. The show’s related coverage suggests practical steps: freeze credit, enable multi-factor authentication, and monitor bank and insurance statements closely.
- Use unique passwords and a manager to track them.
- Turn on multi-factor authentication wherever possible.
- Check credit reports and statements for unusual activity.
Why Defenders Struggle
Security teams face an asymmetry problem. Attackers need one mistake; defenders must block many. Organizations still run aging systems, lack trained staff, and juggle tight budgets. Meanwhile, automated tools let attackers probe thousands of targets at once.
The hosts point to a widening skills and speed gap. Response plans exist, but patching, monitoring, and training often trail behind. Vendors ship fixes fast, yet adoption stalls across complex networks. That delay leaves a large target surface open for longer.
What Could Change the Trajectory
Experts and regulators are pressing for basic standards that slow common attacks. Steps include default multi-factor authentication, phishing-resistant logins, rapid patching, and better backups. Insurance requirements can also push firms to meet baseline controls before buying coverage.
The series highlights the role of transparency. Faster reporting can help others spot campaigns and close holes. Clear guidance for victims—especially patients—can reduce harm.
The Business Of Breaches
Treating intrusions as a business helps explain recent growth. There are suppliers, distributors, and retail operations, each taking a cut. As long as stolen data has buyers and barriers stay low, volume is likely to rise.
The economic incentives are strong: low upfront cost, global reach, and limited risk of arrest in permissive jurisdictions. That math favors aggressors unless targets raise the cost of each attempt and shrink the payoff.
The latest episode sets out a blunt reality: attack tools are spreading faster than defenses are improving. Listeners hear practical steps for individuals and a call for consistent basics across companies. The next phase will depend on how quickly organizations adopt simple, proven controls, and whether markets and regulators reward that shift. Watch for tighter standards in healthcare, broader use of phishing-resistant authentication, and quicker incident reporting as signs the tide may start to turn.
