The Dark Web will go down as the IoT buzz word for 2019. But, do you know what the Dark Web is?
The name may sound mysterious and provocative, but the Dark Web is simply where illegal and illicit activity goes digital. The Dark Web first gained attention in 2013 when the FBI shut down the infamous Silk Road website. Silk Road was the first known dark website. It operated as a platform for selling illegal drugs while providing its users' anonymity to conduct business.
Why is the Dark Web “Dark”?
Most of the internet we know contains publicly available information. The content on these web pages is indexed by search engines like Google, Yahoo, and Bing. Dark Websites are hidden from common search engine indexing. They are only accessible through specialized anonymizing tools that hide the user’s identity, location, and activity while operating on dark websites. The collection of dark websites operating in this fashion is colloquially known as "The Dark Web". Not all activity on the Dark Web is illegal. Browsing websites anonymously is not illegal. However, the ability to conduct anonymous services and information exchanges on Dark Websites through anonymizing search engines is like a beacon for criminal activity.
In 2016, British researchers Daniel Moore & Thomas Rid categorized over 2,000 webpages on the Dark Web. They reported that 57% of the sites they found contained illegal and illicit content. One of the most common activities on the Dark Web is the sell and transfer of hacked data.
Where does hacked data go?
When online services like Netflix and Sony are hacked, the user databases become available to interested external parties. These databases contain account credentialing information which can include, names, email addresses, passwords, and credit card and bank account numbers. This information is stored in Dark Web depositories. These depositories are not a specific place but rather a collection of forums and backroom channels where illegal information is exchanged. The Dark Web is much more dynamic than the regular internet. Websites, chatrooms and e-comm sites constantly move around to avoid detection. So hacked information can easily move and change locations, making it difficult to discern how much data is available on the Dark Web.
Many people who have had their information hacked are not aware for months or years. Once your information is made available on the Dark Web there isn't much you can do about it. But it is important to know it’s there. You can monitor these dark channels to see if your user credentials are showing up for sale through Dark Web Scans.
Credit monitoring companies like Experian, offer online Dark Web scans for personal information such as, personal email, social security numbers, and phone numbers. IntelliSystems offers Dark Web scans for business information. These scans will look for your business domain on the Dark Web. It can find user accounts and passwords that have been compromised. Additionally, this scan can identify if your employees are reusing passwords on multiple sites. If a compromised password is used on multiple sites, then every site is at risk. If you know your account has been hacked or your information was compromised, you should immediately change your password on all affected sites.
Over time, the Dark Web database depositories become available to more and more individuals, often for free increasing the risk to your accounts and business.
Train and Protect
The best way to protect your business from exposed information on the Dark Web is to limit the overlap of credentials across different systems. Additionally, limiting how much information you provide to web services can limit your exposure. Employee Cybersecurity Awareness Training fills in the gaps of employee knowledge. This training is a proactive control to help employees understand their role in Cybersecurity. Internal network users, i.e. employees and business owners, are the number one cause of network hacking, ransomware, and malware. Almost all security breaches can be linked to an employee clicking, downloading or opening an infected file. Once a criminal gets access to your network, they can exploit the system to infect other computers, access sensitive information or attack other entities, like clients.
Awareness training educates employees about phishing, vishing, social engineering, and more. It teaches them how to respond in the event of a cyber-attack and how to practice good-sense password policies, such as, not reusing passwords. A good training program should be multi-faceted involving webinars, skill tests, and simulations. It should also be recurring. Online criminals continue to adapt their tactics, which means our understanding and knowledge of them must adapt too. Cyber Awareness training will help employees understand that cybersecurity is everyone’s responsibility.
Protect your system with a robust firewall and antivirus solution. It is commonly understood that firewalls and antivirus will protect your business from an outside cyber-attack, and they can be helpful in this way but not all firewalls are equal. Some are dramatically more effective than others and can also protect against unintentional acts by internal users.
The Dark Web has given criminals a safe and comfortable place to conduct business. Until that changes, everyone who is online is at risk to hackers and criminals. IntelliSystems’ cybersecurity solutions can help your business be as safe as possible.