The Biggest Threats from the Dark Web That Keep Businesses on Their Toes
Beyond the glitz, glamour, and glory of the World Wide Web as we know it is a virtual world that’s not half as bright. It’s the dark web. Technically speaking, it’s a network of web pages that can’t be indexed by normal search engines. The anonymity of this network means it brings out the worse in human beings more often than it makes good things happen. The dark web has been known to facilitate an exchange of illicit goods such as firearms, drugs, child pornography, and what not. Very recently, an Instagram hack revealed the personal contact details of the world’s top celebrities, which were duly put for sale at prices like $10 apiece by cybercriminals on the dark web.
Why Should The Dark Web Be A Matter of Concern for Businesses?
Governments around the world have been making rapid strides in bringing down the shutters on dark web networks. The question is – what implications does this nefarious network has on businesses? Well, the dark web is said to be the dark side of the Internet city, where cybercriminals reside and run their black market of trade of information, digital tools, and physical materials that are then used to commit crimes, inflict self-harm, and perpetuate negative propaganda in communities. For instance, ransomware script creation tools, keyloggers, phishing kits and manuals – everything is available for sale on the dark web. It’s the platform for selling Cyber-crime as a Service!
Dark Web: A Black Market for Sale and Purchase of Stolen Corporate Data
Agreed – it’s a bad place if people sell firearms and drugs using this network. That’s a government problem, though, and not a business problem. Well, it’s estimated that at least one-third of the dark web activity is about the sale and purchase of corporate data. This includes, but isn’t limited to:
- Login credentials to enterprise applications, stolen from careless and unsuspecting employees
- Extracts of email addresses and phone numbers of several thousands of employees of big businesses
- Email threads mentioning keywords such as hiring, resign, pay, cost, etc., which can be used to leak important information or to blackmail key executives
Real World Examples of How the Dark Web is Keeping Businesses at the Edge
Nothing explains the real impact of dark web activity on business organizations of all scales and sizes like some recent examples. Here’s a list of the top examples:
- The Australian Tax Office had to suspend its use of Medicare cards after realizing that many of these identities were for sale on the dark web.
- In Sep 2017, UK dailies carried news of how month long valid UK rail passes were available at 15% of their market value, on the dark web, with the scam’s financial impact estimated at £200m.
- Among the hottest selling products on the dark web are ransomware development kits for Android that don’t require the user to have any coding experience to make it work!
- It’s common for cybercriminals to offer the money back guarantees on digital assets such as corporate employee identities, if the identities don’t prove to be at least 80% accurate, for instance!
Dark Web and Insider Threats: A Deadly Combination
Because of the unbelievable success and sustenance that the dark web has enjoyed for the past decade, in spite of public knowledge of its despicable existence, immoral web users are tempted to earn a bit of easy money by participating in dark web related crime. The simplest example is of an insider of your business, one of the thousands of employees, who’s willing to share seemingly innocuous information (such as a list of email IDs of people who worked for the company in the past 5 years). A more dreadful example is that of the insider willingly compromising company network security to let a cyber-criminal access sensitive information. The same could be done by negligent employees, as well as rogue intruders who have access to stolen application login credentials.
The solution: enterprise IT security teams need to be proactive about monitoring user behaviour, accessing risks, proactively looking for process weak spots, and advancing the general security awareness of the staff.
Technology to Detect Data Breaches on the Dark Web
Traditionally, enterprise capabilities of detecting data leakages on the dark web have been staggeringly insufficient. It’s estimated that in Europe, the time delay between a data breach and its detection is 469 days. This makes it mandatory that organizations be super cautious about data breaches. Because the dark web is non-indexable, detection becomes difficult, even if your corporate information is the hottest discussed topic there. Thankfully, organizations now have access to monitoring tools that can look beyond the indexable web. This means that if a dark web cyber-criminal openly discusses your business or creates a listing of your digital assets, you’d come to know within minutes.
GDPR and Dark Web: The Stakes Are Higher Than Ever
When GDPR becomes legally binding for businesses in May 2018, the implications of a data breach will be much higher than what they are today. GDPR allows organizations a period of 72 hours to report a data breach after becoming aware of it. Remember the Uber data breach? The company didn’t reveal its knowledge of the breach for more than a year. Had GDPR been in force then, Uber could have been staring at penalties to the tune of tens of millions of pounds. Organizations run the risk of being penalized up to 4% of their revenue if they fail to comply. The dark web is one of the major challenges that companies will face as they try to stay on the right side of the lines drawn by GDPR.
Bring in dedicated capabilities to combat the security risks posed by the dark web. Embrace monitoring tools that can ‘listen’ for discussions relevant to you on the dark web. The dark web is a dark reality, and it’s more closely linked to your business than you’d care to acknowledge.