Beyond the glitz, glamour, and glory of the World Wide Web as we know it is a virtual world that’s not half as bright. It’s the dark web. Technically speaking, it’s a network of web pages that can’t be indexed by normal search engines. The anonymity of this network means it brings out the worse […]
Beyond the glitz, glamour, and glory of the World Wide Web as we know it is a virtual world that’s not half as bright. It’s the dark web. Technically speaking, it’s a network of web pages that can’t be indexed by normal search engines. The anonymity of this network means it brings out the worse in human beings more often than it makes good things happen. The dark web has been known to facilitate an exchange of illicit goods such as firearms, drugs, child pornography, and what not. Very recently, an Instagram hack revealed the personal contact details of the world’s top celebrities, which were duly put for sale at prices like $10 apiece by cybercriminals on the dark web.
Governments around the world have been making rapid strides in bringing down the shutters on dark web networks. The question is – what implications does this nefarious network has on businesses? Well, the dark web is said to be the dark side of the Internet city, where cybercriminals reside and run their black market of trade of information, digital tools, and physical materials that are then used to commit crimes, inflict self-harm, and perpetuate negative propaganda in communities. For instance, ransomware script creation tools, keyloggers, phishing kits and manuals – everything is available for sale on the dark web. It’s the platform for selling Cyber-crime as a Service!
Agreed – it’s a bad place if people sell firearms and drugs using this network. That’s a government problem, though, and not a business problem. Well, it’s estimated that at least one-third of the dark web activity is about the sale and purchase of corporate data. This includes, but isn’t limited to:
Nothing explains the real impact of dark web activity on business organizations of all scales and sizes like some recent examples. Here’s a list of the top examples:
Because of the unbelievable success and sustenance that the dark web has enjoyed for the past decade, in spite of public knowledge of its despicable existence, immoral web users are tempted to earn a bit of easy money by participating in dark web related crime. The simplest example is of an insider of your business, one of the thousands of employees, who’s willing to share seemingly innocuous information (such as a list of email IDs of people who worked for the company in the past 5 years). A more dreadful example is that of the insider willingly compromising company network security to let a cyber-criminal access sensitive information. The same could be done by negligent employees, as well as rogue intruders who have access to stolen application login credentials.
The solution: enterprise IT security teams need to be proactive about monitoring user behaviour, accessing risks, proactively looking for process weak spots, and advancing the general security awareness of the staff.
Traditionally, enterprise capabilities of detecting data leakages on the dark web have been staggeringly insufficient. It’s estimated that in Europe, the time delay between a data breach and its detection is 469 days. This makes it mandatory that organizations be super cautious about data breaches. Because the dark web is non-indexable, detection becomes difficult, even if your corporate information is the hottest discussed topic there. Thankfully, organizations now have access to monitoring tools that can look beyond the indexable web. This means that if a dark web cyber-criminal openly discusses your business or creates a listing of your digital assets, you’d come to know within minutes.
When GDPR becomes legally binding for businesses in May 2018, the implications of a data breach will be much higher than what they are today. GDPR allows organizations a period of 72 hours to report a data breach after becoming aware of it. Remember the Uber data breach? The company didn’t reveal its knowledge of the breach for more than a year. Had GDPR been in force then, Uber could have been staring at penalties to the tune of tens of millions of pounds. Organizations run the risk of being penalized up to 4% of their revenue if they fail to comply. The dark web is one of the major challenges that companies will face as they try to stay on the right side of the lines drawn by GDPR.
Bring in dedicated capabilities to combat the security risks posed by the dark web. Embrace monitoring tools that can ‘listen’ for discussions relevant to you on the dark web. The dark web is a dark reality, and it’s more closely linked to your business than you’d care to acknowledge.