Businesses today are obsessed with data. Every organisation profiles its customers - who they are, what they do, contact details and spending habits - to better meet their needs and ultimately boost sales.
Unfortunately, cybercriminals are also hungry for data - they have an interest in our businesses, customers, suppliers and partners - motivated by malicious intent. With this information, they can exploit the data themselves, by accessing bank accounts to steal money, for example, or by sending email scams to customers. Alternatively, they can sell the data to other cybercriminals to exploit for their own benefit.
The place where cybercriminals typically buy and sell data is known as the dark web. The dark web is part of the internet that isn’t visible to search engines (such as Google or Yahoo) and therefore is harder to access: you need an anonymous browser (such as Tor). It is used by individuals and organisations so that internet activity is kept anonymous and private.
People often confuse the dark web with the deep web. As shown in the diagram, the dark web is a subset of the deep web. The deep web is essentially everything that is hidden from search engines but it can be accessed via direct website links. The content available in the deep web is typically confidential and sits behind password protected pages or forms: organisation staff portals, internal reports, databases, military intelligence or scientific investigations. We may find ourselves interacting with content that is available on the deep web on a regular basis whereas we wouldn’t be able to access the dark web unless we had a specific browser and consciously tried to access it.
As a subset of the deep web, the dark web provides greater anonymity and privacy for people browsing or hosting content. It’s not illegal to access the dark web, but its anonymous nature offers protection to cybercriminals engaging in illegal online activity.
A single email address sells for the price of a takeaway coffee ($0.50-$10), while the details of an online bank account are worth 1-10% of its balance, according to a recent study of 10 international dark web forums and marketplaces by cybersecurity company Kaspersky*.
It is therefore extremely important to prevent both our personal and business information from becoming available to cybercriminals as a result of a data breach. If any of the services your business typically uses suffers a malicious or accidental data breach, your staff email addresses and passwords may become available on the dark web. These are known as "breached credentials". If hackers get hold of these credentials, they might use them to access accounts with other service providers that are accessed using the same credentials, given it is human nature to reuse username and passwords.
Our portal can help your organisation in a number of ways when it comes to the dark web:
1. Sending you a data breach notification when we detect that there has been a public data breach that impacts any of your staff's email addresses members. This is part of our dark web monitoring service included in Level 2 of our portal (Advanced Security), which alerts you if any of your team members passwords have been compromised in public data breaches, meaning this data could become (or already is) available in the dark web. If any of them have been compromised, instructions can be sent to your staff members from our portal, advising them of what to do.
2. Helping you generate strong passwords through our strong password generator included within Level 2 (Advanced Security) subscriptions. Our secure password generator automatically checks against a database of known breaches, reducing the chances of you using a password that is already in a public breach available in the dark web.
Don't wait for an attack to happen. Start protecting your business with a free account here.
*Source: Kaspersky, 2020