As the technology we rely on advances, so does the technology that is used by hackers and criminals. Today, a malicious actor can obtain and sell sensitive information without leaving the comfort of home. The dark web provides a secure, virtual location for data of this kind to be shared and sold. As these threats become more prevalent, information security should be top of mind for those protecting businesses and their own private information. To understand the importance of the dark web, it is vital to have background knowledge of how the dark web operates.
Internet users might believe the dark web is a massive, hidden online marketplace where illegal goods and services are available. While there is some truth to this assumption, the dark web is a portion of the internet that is complex and difficult to navigate. The reality is that there are three major sections of the internet, and the dark web only represents a tiny fraction:
- Clear/Plain Web
  - Portion of the web everyone uses.
  - The surface of the internet, which is 10 percent of what is available.
  - Websites are indexed by search engines, e.g., Facebook and Google.
- Deep Web
  - Majority of the internet.
  - Cannot be accessed with a search engine, as many sites are not indexed.
  - Mostly legal and private information, such as university, business or government webpages.
- Dark Web
  - Small part of the deep web.
  - Comprised of marketplaces, forums, file sharing sites and botnets.
  - Most illegal activities take place here, as it is designed to be completely anonymous.
  - Sites are accessed through randomly generated character and number strings as IP addresses, meaning they are constantly changing and moving to avoid detection.
Why does this matter? For many people, the dark web may be out of sight and out of mind, but it can have significant business impacts. This was seen recently with several high-profile data breaches resulting in data being sold later on the dark web. The immediate threat of the breach may be finished in a few weeks, but the unseen consequences play out on the dark web for years to come.
To measure the cost incurred because of the dark web, the source of the information must first be understood. Last year, the average cost of a data breach of less than 100,000 records was $3.86 million. This is the direct cost of recovering from the loss of data and paying fees to government authorities, as well as payments to customers. This does not include the statistics and costs for data that was potentially sold on the dark web. In other words, the figures shown for a data breach do not include the damage done by the hacker afterward, with credentials sold and used to further attack a company and the individuals involved.
What Is Being Done?
Multiple agencies in the U.S., as well as international counterparts, are currently monitoring and seizing dark web sites in an attempt to prohibit the illegal activities that occur. A common tactic for law enforcement is to establish a honeypot, or a false dark website, to attract criminals so that police can identify and attempt to locate those individuals. Sites are moving constantly and being deleted, so law enforcement must improvise and adapt to the ever-changing landscape.
What Can I Do?
The best thing a business can do is to focus on preventative measures. Once the information is stolen, there is little more to do than update login credentials and hope that law enforcement can catch the criminals. Most businesses do not have the resources or ability to scan the dark web and actively monitor the threat to their organization. Preventative measures that should be taken are determined by whether they are administered internally or by third-party organizations.
1. Internal Measures
Regardless of industry or size, the standard practice for IT security necessitates password rules, network hardening and a basic incident response plan in case of emergency. Historically, password rules included a minimum length of eight characters, with a complexity level requiring numbers and special characters and mandatory reset times after a fixed period. The National Institute of Standards and Technology (NIST) has updated its recommendations to not force password resets unless suspicious activity or a security incident has occurred. Choosing a password policy that is right for your organization is a decision that should not be taken lightly, and the policy should be followed by all users. Network hardening is a broad term encompassing all efforts to reduce vulnerabilities of a system, with every added security measure being a step towards reducing risk of a breach or successful attack.
In the event that an incident occurs, organizations should have a pre-established response and recovery plan that details how the organization will respond in a timely fashion to remediate losses. IT security industry standards have established a six-phase incident response plan that is readily available to the public and can be used as a framework for this measure.
2. External Measures
Unless you have a cybersecurity team that includes dark web experts and the resources necessary for continuous research, scanning and reporting would be too costly for many companies to implement internally. Third-party organizations can provide dark web services by means of a single scan to provide current information, or even continuously monitor for new breaches and information being sold or shared. The most valuable services will include both automated processes and manual crawling due to the ever-changing nature of sites on the dark web.
All organizations should consider the business impact of their data and login credentials being found on the dark web, and as such properly mitigate those risks by taking precautionary steps like those outlined here. In addition to internal measures, companies can leverage the expertise of dark web experts in the form of dark web scanning services. This should now be a key aspect of a modern cybersecurity defense. The dark web will continue to be a source of leaked information and hacked databases, causing businesses and individuals both monetary and reputational damage. Following these preventative measures will help prevent an attack from occurring and your data being sold.
About DHG IT Advisory
DHG IT Advisory works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs that drive your business. To learn more about DHG IT Advisory, visit dhg.com/itadvisory.
Rodney Murray, CISA, CRISC; Principal, DHG IT Advisory
Daniel Falacara, Security+; Associate, DHG IT Advisory