Zakini | Managed IT Services

View Original

The Dark Side of the Internet - Is Your Business Data Safe?

Ever hear of the “dark web”? If so, it may sound rather mysterious. Your instincts were right – it is. But we can make it much less so. This article explores the dark web, its possible impact on your business, and ways to minimize your risk exposure and protect your business from a cybersecurity breach.

What is the Dark Web?

The internet is made up of three main parts: surface web, deep web and dark web.

  • The surface web represents only the 10% of the whole internet, and includes anything that anyone can find by entering terms in a search engine like Google or Yahoo.

  • The deep web is simply where information is stored that is not visible or accessible by anyone. This includes anything that is protected by a password, from subscription services to bank account and medical information. This section actually makes up the majority of the web.

  • The dark web is anything that is not accessible by standard browsers like Google Chrome or Firefox. A decentralized network of internet sites that try to make users as anonymous as possible by routing all their communications through multiple servers and encrypting it at every step.

On the Dark Web, cybercriminals could be hawking important, sensitive, or proprietary business data.

“The US government created the dark web’s multi-layered TOR (the onion router) technology in the mid-1990s to allow spies to anonymously exchange information”.

If a criminal is interested in buying or selling someone’s personal data, such as credit card or social security information, it’s disturbingly easy to do. All you need is a computer and the Tor Browser, and it’s all completely anonymous.

But not all Dark Web traffic is criminal. It is also visited by journalists and law enforcement agencies and is used in countries prohibiting open communication. Still, it’s a popular place for bad guys, because it isn’t something you can find on your typical browser: you’re not going to just type “darkweb.com" into your Safari, Chrome, Firefox, or Edge browser. On the Dark Web, users access Web pages hidden from search engines.

Users need specific software, configurations, or authorization to access the Dark Web. Users hide their IP address and use encryption to anonymize their identity for maximum privacy.

So, you’ll find a lot of illegal activity on the Dark Web. Once users get in, they can buy all kinds of shady stuff:

  • Stolen credit card or bank account numbers

  • Guns and other weapons

  • Child pornography

  • Counterfeit money.

And the biggest threats to businesses:

  • Malware and tools to breach cybersecurity

  • Leaked data

  • Stolen access credentials

Fast facts of why your business should care

We’d like to share some findings from our Dark Web Monitoring partner ID Agent:

The Dark web isn’t just accessed by a small number of people.

  • 2 million active users connect to the Dark Web through the TOR browser every day.

  • 26% of North American and 17% of EU users access the Dark Web daily.

  • Approximately one third of North Americans used the Dark Web in 2019.

  • About 60% of the information on the Dark Web could potentially harm organizations.

Dark web activity is skyrocketing post-pandemic

  • Over 1,400 COVID-19 related domains were registered in Q1 2020.

  • There was a 738% increase in COVID-19-related terms on the Dark Web in March 2020.

  • Phishing attacks including COVID-19 scams have climbed 667% in 2020.

  • Dark Web use has increased by more than 300% in the last 3 years.

Your business’ data may already be on the Dark Web

  • Information on 267 million Facebook users sold in Q1 2020.

  • In Q1 2020 alone over 73.2 million new user records hit the Dark Web.

  • 164 million user records from a dozen major companies were exposed in a single Q1 2020 dump.

  • 53% of organizations have had a data breach caused by third party information theft.

It can happen to your business if you don’t take action

Quite simply, your employees’ usernames and passwords to access your business systems could be sold on the Dark Web. Or the leaked data could be the personal information of your customers, clients, or staff. A hacker who breaches your network and accesses proprietary information could put your data up for sale to the highest bidder. Because it’s being done on the Dark Web, you wouldn’t even know about it until the damage was already done.

Hackers rely on the tendency to repeat credentials and test out usernames and passwords from one account on others. They have the tools to easily enter the credentials en masse on business, domain registration, and Web hosting sites to see if they’re in luck.

And breaches you don’t even know about could be putting your business data at risk. A vendor you work with may not even know they’ve been targeted. But already their database is available on the Dark Web for a few hundred bucks, and it just so happens to contain the confidential marketing campaign plan you sent their way!

Privacy specialists told a Federal Trade Commission conference that Dark Web victims included medical practices, retailers, school districts, restaurant chains, and other small businesses. Worse still, Dark Web information is up to twenty times more likely to come from an unreported breach.

So, despite your best efforts, you could still be at risk. That’s depressing, but don’t give up. There are several strategies you can adopt to minimize threats.

Protecting your business from dark web exposure

The first step is to be proactive in implementing basic cybersecurity procedures.

  • Install security patches regularly, and keep antivirus software up to date.

  • Limit users to access privileges dictated by their responsibilities.

  • Change access rights to people who change roles.

  • Educate your employees about cybersecurity best practices, like avoiding credential reuse – using a password manager; encrypting mobile devices used for business purposes; accessing networks using secured internet access points and approved devices only; questioning social engineering tactics, including emails with malware attachments or links to false sites.

Sign up for Dark Web Monitoring

We rely on Dark Web ID ™, an award-winning solution, to keep an eye on the Dark Web in real time, monitoring it 24/7 to find any data that is related to your business. The software allows us to protect your company from a cybersecurity breach due to compromised employee credentials and we can alert you automatically when your data is compromised before a breach occurs.

We can deploy our dark web monitoring tool in minutes, integrate it to your CRM software and boost your cybersecurity protection. You’re protected 24/7 with an IT team dedicated to ensuring your business data is secure from any disaster. Don’t wait and get in touch today. or call us at 305 400 0992.