The Dark Web is a hidden universe contained within the “Deep Web”- a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, BING and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because one can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.
- About 60% of the information on the Dark Web could potentially harm organizations.
- Dark Web use has increased by more than 300% in the last 3 years.
- More than 75% of Dark Web sites appear to be marketplaces.
- Cybercrime yields in excess of $1.5 trillion in revenue per year.
- 53% of organizations have had a data breach caused by third party information theft.
What of my business information might be out there and how did it happen?
The types and amount of information to be found on the Dark Web is staggering, from social security numbers to emails and passwords, to complete business data base dumps. The Dark Web has become a marketplace every bit as functional and easy to use as Ebay, Etsy, and Amazon. One can even find job opportunities peddling ill-gotten information.
Compromised credentials are becoming more and more common, but the danger of these exposures goes beyond the individual. The majority of these breaches are happening because of a credential that has been exposed. All it takes is one employee to potentially give away the keys to your entire network.
Your employees are creating accounts on many different types of third-party websites. They’re using their work email addresses and often the same password, or some variation of a password, for these accounts. Once the third-party website is breached, cyber criminals can test passwords that they obtain on other, more dangerous websites. Previous employees can also pose serious risk if their passwords on any of these accounts is still active.
A business owner saw the Dark Web scan run by the Dark Web ID platform. She noticed that there was an employee who had been terminated years prior, but the password was familiar to her. Upon further investigation, the business owner realized that the password visible on the Dark Web scan was still the active password for the company’s bank account – with access to millions of dollars and credit lines. Having this visibility not only helped the company avoid a catastrophic breach, but it also allowed the HR team to implement better and more secure onboard/offboarding processes.
Have you built a cybersecurity framework for your business? Is it even on your radar? Compliance regulations and the realities of the moment are dictating that you must. It is now mandatory for small to medium size businesses to adhere to state laws and regulations related to data protections. GDPR set the standard in Europe, and these laws are being implemented across all 50 states, with California and New York mimicking the standards most closely.
As you build a cybersecurity framework for your organization, it’s important to think about the concept of “Zero Trust.” You must go in with the assumption that everyone has been compromised and credentials have already been exposed. It isn’t about stopping or preventing the exposure but ensuring that you have visibility into cyber risk and controlling what you can control internally. This means making sure the right people have the right secure access to the right machines – using the right privileges – and then ultimately monitoring that for compromise exposure.
What can you do?
Get someone to watch your back. Are your passwords for sale on the Dark Web? Is one of your staffers selling access to your systems? Were you exposed in a third-party Dark Web data dump? Find out with our Dark Web monitoring service.
Get ready to defend against your biggest threat. Over 90% of data breaches start with a phishing attack, and everything a cybercriminal needs to mount an effective phishing attack against you is available on the Dark Web. Prevent those attacks from landing with effective employee training.
When building your cybersecurity framework, it is helpful to have a technology strategic partner. Visit MashGrape.com to learn more about cybersecurity, Dark Web Monitoring, and employee training.