A recent report by Denver-based OWL Cybersecurity shows that every Fortune 500 company has some level of exposure on what is called the “the dark web,” a part of the internet that is inaccessible via the surface web, and teeming with black market sales and access to every wonder and horror imaginable.
Benjamin Vitaris, syndicated via nasdaq.com, explains: “OWL ranked the Fortune 500 companies by their Darknet Index score – calculated by the cybersecurity firm’s algorithm – and also included the firms’ rankings on the Fortune 500 lists,” he writes. “Ranked by DARKINT (darknet intelligence), technology companies lead the list, with Amazon holding the top spot, but with telecommunications firms right alongside it.”
OWL’s key takeaways were that Amazon’s ranking at the top of the list is explained by the fact that they have a “massive internet presence and [possess] a significant amount of customer data.” They also found that financial institutions who were measured concurrently scored better than most all Fortune 500s due simply to the fact that they’ve been more invested in cybersecurity recently.
What this all means is that nobody is safe from the dangers of the dark web. If Fortune 500 companies are at risk, yours may be too — but how do you tell? And, more importantly, how do you protect yourself?
What is the Dark Web?
Most probably imagine the dark web akin to a seedy tavern where devious miscreants plan their next cyber heist. Is some ways, it is like that. In others, it’s much, much worse — but we won’t get into the violent or pornographic inhumanities that exist in the worst corners of the dark web. What we’re focused on is the black market aspect.
Because the dark web is accessed through anonymization software like Tor, is unregulated by a centralized system, and because cryptocurrencies work so well within that system, practically anything can be bought and sold on the dark web anonymously, including human organs, stolen and illicit goods, and information. This information includes customer data, like stolen credit card numbers, social security numbers, etc. In fact, stolen healthcare data is, for whatever reason, is very popular on the dark web. It is this information that poses the most threat to a business.
How is the Dark Web Dangerous to Me?
The biggest dangers posed to most organizations are in this buying and selling of illicit information. The analyst team at Terbium Labs has identified one of these types of information specifically: fraud guides.
In their post, Inside the Dark Web: Fraud Guides, the Terbium Labs analyst team explains: “…although dark web guides cover a broad range of activities – drugs, fraud, hacking, anonymity, and social engineering, to name a few – fraud guides are particularly harmful in that they focus on exploiting processes, products, and people for profit,” they write. “Few industries are unaffected by fraud guides, which are continuously improved and distributed by the community of fraudsters that buy and test these methods.
The report goes on to state that their investigation revealed 89 percent of legitimate fraud guides were actually actionable, meaning that they could indeed be used to scam, defraud, or otherwise harm another individual or organization.
Of course, the dark web can be dangerous in plenty of other fashions — for example, the UN’s disarmament chief warned that terrorists are using the dark web to help them build weapons of mass destruction, and there’s always the list of horror stories you can find by browsing Google. However, most of the dangers anybody faces concerning the dark web does not come from visiting it, but rather from the dissemination of their information through it. So how can you prevent this?
How to Protect Yourself
One of the most challenging aspects of modern cyber security is the infrastructure everything is built around. While the dark web might sound dangerous, it’s really the insecurities in the clear web and, more often, the Internet of Things (IoT) that fuel dark web interactions. The IoT especially is missing measures to protect privacy and security, meaning that the best way to protect yourself from the dark web is to first protect yourself on the clear web and the IoT.
One of the first things a business can do to protect itself is to execute a basic cyber security risk assessment. Maryville University’s online cyber security program suggests taking these steps:
Take stock of the system. Size, number of access points, what information is stored — all of these help inform of threat level. Obviously, a Fortune 500 is probably a more attractive target, but if you handle credit card info in any way, you could be just as much at risk.
Look at potential threats. Hackers aren’t the only threat out there. Human error, poor backups and encryption, and social engineering are all potential threats.
Analyze the environment. Examine controls governing factors like administrator access, user authentication and provisioning, infrastructure data protection, continuity of operations and others. Ask yourself: how secure are these controls?
Likelihood. Consider probability of different breach types, and exactly how and where they would stem from. If you can think of a lot, that’s a high risk.
Final risk assessment. When you multiply your likelihood by how much damage your business might incur, you’ll have a final risk assessment score. If you have any probability of breach that could lead to catastrophic business failure, however unlikely, you’re looking at high cyber security risk.
Another way to protect yourself is by monitoring the dark web for sensitive information. Terbium Labs, who also ran the fraud analysis guide mentioned before, specialize in dark web monitoring with their flagship product, Matchlight, an automated data intelligence system that lets you know within minutes if your information has shown up on the dark web.
It’s true that nobody is safe from information publication on the dark web. All a business can do is educate themselves, and enact the best security measures possible, aimed at both prevention, and reacting in the event of a breach or attack. The good news is, with the right knowledge, you can keep yourself safe from the dangers of the dark web.