Businesses today are obsessed with data. Every organisation profiles its customers - who they are, what they do, contact details and spending habits - to better meet their needs and ultimately boost sales.
Unfortunately, cybercriminals are also hungry for data - they have an interest in our businesses, customers, suppliers and partners - motivated by malicious intent. With this information, they can exploit the data themselves, by accessing bank accounts to steal money, for example, or by sending email scams to customers. Alternatively, they can sell the data to other cybercriminals to exploit for their own benefit.
The place where cybercriminals typically buy and sell data is known as the dark web. The dark web is part of the internet that isn’t visible to search engines (such as Google or Yahoo) and therefore is harder to access: you need an anonymous browser (such as Tor). It is used by individuals and organisations so that internet activity is kept anonymous and private.
People often confuse the dark web with the deep web. As shown in the diagram, the dark web is a subset of the deep web. The deep web is essentially everything that is hidden from search engines but it can be accessed via direct website links. The content available in the deep web is typically confidential and sits behind password protected pages or forms: organisation staff portals, internal reports, databases, military intelligence or scientific investigations. We may find ourselves interacting with content that is available on the deep web on a regular basis whereas we wouldn’t be able to access the dark web unless we had a specific browser and consciously tried to access it.
As a subset of the deep web, the dark web provides greater anonymity and privacy for people browsing or hosting content. It’s not illegal to access the dark web, but its anonymous nature offers protection to cybercriminals engaging in illegal online activity.
A single email address sells for the price of a takeaway coffee ($0.50-$10), while the details of an online bank account are worth 1-10% of its balance, according to a recent study of 10 international dark web forums and marketplaces by cybersecurity company Kaspersky*.
It is therefore extremely important to prevent both our personal and business information from becoming available to cybercriminals as a result of a data breach. If any of the services your business typically uses suffers a malicious or accidental data breach, your staff email addresses and passwords may become available on the dark web. These are known as "breached credentials". If hackers get hold of these credentials, they might use them to access accounts with other service providers that are accessed using the same credentials, given it is human nature to reuse username and passwords.
With Bewica, you can find out whether your organisation’s email addresses or passwords have been compromised in a data breach. We also provide ongoing monitoring to alert you of any new data breaches, so you can take action. Sign up for a free trial of Bewica today to protect your organisation from cybercriminals and let us monitor your credentials in the background for security and peace of mind.
*Source: Kaspersky, 2020