The Dark Web: Is My Business at Risk?
posted Dec 28, 2017 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog
It might come as a surprise to many that nearly every business is at risk and exposed to the “dark web”. What exactly is the dark web? It is a collection of thousands of websites that you can’t access via normal means and that aren’t indexed by search engines like Google or Yahoo. You have to download special anonymization tools in order to access the dark web. Why would you want to access something on the dark web? Criminals seek illicit substances and other illegal items through this portal—sometimes called the “world’s largest black market.” So, how is your business at risk?
More about the dark web
When you and I surf the internet, we’re on what’s known as the surface web, made up of sites that can be searched and reached with a standard browser. The dark web is a hidden corner of the internet where users are free from data collection and so leave no trace of their visits to an illegal website. The dark web actually forms a small part of what’s known as the “deep web,” which is the part of the web not indexed by web search engines. While there are dark websites that do not engage in criminal activity, the dark web is typically where criminals who illegally sell consumer data and other black market goods tend to congregate.
How is my business at risk?
The dark web is home to millions of cybercriminals who want to steal your data. Ransomware such as WannaCry is sold via the dark web, so common criminals are able to obtain malicious code on the black market and infect your system. There is now something known as “hacking as a service,” or HaaS, in which individuals are hired as contractors to hack a system. So, criminals will often hire HaaS contractors to purchase code on the dark web and hack your account.
In April 2017, Amazon back-end credentials were leaked to the dark web, giving criminals access to third-party sellers’ accounts. Through these accounts, the criminals were able to change the associated bank information to divert funds into their own accounts and then sell counterfeit items at deeply discounted prices. The true owners were only able to recover their accounts after losing nearly hundreds of thousands of dollars.
Protect your business
To protect your own and your customers’ information from ending up on the dark web, you should:
- Create backups and a disaster recovery plan. The only way around ransomware and encryption is restoring from a backup. Prepare for the possibility of a ransomware attack by performing regular backups to an offline destination. You should also periodically test your restore process to confirm it’s functioning before you actually need it.
- Educate employees. Arguably the most important step. Train your employees how to avoid email phishing and other scams. You don’t want sensitive corporate data and customer data ending up for sale on the dark web.
- Use dual-factor authentication. Requiring an extra step for access into your account is always a good idea!
- Consider cybersecurity insurance. If the above three tactics fail you, this is a great security blanket to have. Read about the advantages of cybersecurity insurance in our blog.
In addition, make sure all your software is kept up to date. Preparation and response are key to staying vigilant against the dangers of the dark web. It seems that a new cyber threat emerges every day, but as long as you maintain your systems and educate employees, you will be much more protected against a potential attack.
Contact me or any member of our Information Security Services Team for more information.