Not prioritising, or simply ignoring cybersecurity is no longer an option for small businesses. In the wake of well publicised big corporate data breaches and social media scandals, companies across all industries are rightly concerned they may be next on a hacker’s hit list.
All it takes is one attack to wipe out an organisation’s financials and force its owners to shut for good. Today, every business is a potential target for cybercriminals – but not every business is well prepared to defend itself against such attack or deal with the threats that emerge after a breach has occurred. The risk of stolen data being sold on the dark web is one of them.
So, what is the dark web?
While many small businesses are aware of the dangers posed by phishing schemes and network probes, many are overlooking the threat that lurks out of sight on the dark web.
Unlike most places on the internet, the dark web is difficult to access because it lives on a part of the web that is not indexed and cannot be crawled by search engines. In essence, the dark web is anything that is not accessible by standard browsers like Google Chrome or Firefox. Any type of information can reside on the dark web, it is merely dark because of its more limited accessibility.
However, while such anonymity is not considered illegal, it has turned the dark web into a hotbed of criminal activity – allowing thieves to mask their true location and identity to leverage the dark web for the purpose of buying and selling valuable data.
Accessing the dark web
The majority of users accessing the dark web use the Tor anonymous browser. This browser can be downloaded just like Chrome or Firefox or any other browser of choice, but it works a bit differently.
Tor stands for “The Onion Router” which refers to the way it works. Internet activity via Tor must travel through different overlay networks, or layers (like an onion), each of which helps encrypt the traffic from the computer. Because of these extra layers of security, Tor works slower than regular browsers.
Why the dark web should be a concern for businesses?
- Many don’t even know the dark web exists, so action may come a little too late
Part of the problem starts with the fact that organisations simply do not know there is a black market for the buying and selling of stolen goods. A data report by Switch-fast in 2019 found that more than a quarter of small business employees don’t have any idea of what the dark web is, let alone the role it plays in data breaches. Even worse, some small businesses might not even be aware they have been compromised until after their data has been bought and used by someone else.
- Highly sensitive information is up for grabs on the dark web
It is estimated that over 50% of all sites on the Dark Web are used for criminal activities, including the disclosure and sale of digital credentials (which can also include personal data like passport numbers and bank accounts).
Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been informed by law enforcement – but by then, it’s too late as compromised credentials are used to conduct further criminal activity, such as data breaches of sensitive corporate information, as well as identity theft of individual employees.
- The dark web is not easy to access – or search
Even if businesses know what the dark web is, accessing and navigating the internet’s underbelly is no simple task. The dark web is messy and volatile, with websites constantly changing addresses to avoid becoming the victim of widespread malware. For small businesses, trying to manually search the dark web for stolen information is virtually impossible and can expose them to even greater threats.
Addressing the threat of the dark web before it is too late
As long as there is a demand for stolen goods on the dark web, cybercriminals will continue launching attacks against businesses for data that will return a profit on the black market. To combat this, businesses should focus on the following key areas:
Deploy dark web monitoring and response tools.
Small businesses should utilise dark-web monitoring tools to alert them when any activity associated with sensitive information is detected on the dark web. Whenever an organisation is breached, there is a very real possibility the stolen information will find its way on to the black market so having an early warning alert system in place is key.
By using these tools, companies can choose what identifiable information to monitor and receive timely notifications when that data is discovered on marketplaces, bins, and dump sites. This can help alert these businesses to breaches they may not even be aware of and shorten disaster recovery-response times to mitigate further damage.
Use training and security exercises to remove vulnerabilities
A survey carried out by Lastline in 2019 revealed that 84% of employees questioned who said their company had experienced a cyber-attack attributed at least part of that event to human error. Poor habits such as recycling the same password for multiple accounts can easily compromise a small business’s cybersecurity measures and make it easier for hackers to breach company servers.
By implementing regular training and security exercises businesses can reinforce security best practices among employees who might not even know how to approach or respond to a threat.
How Wontok can help protect businesses
Luckily, businesses do not have to wait for sensitive information to pop up on the dark web to act. Our Wontok One for Business solution includes Watch & Alert – an easy to use, affordable service that helps businesses detect and protect against data breaches and other dangerous threats.
Watch & Alert detects compromised credentials in real-time on the dark web allowing businesses to immediately respond to the risk caused by exposed credentials on 3rd party websites:
- Hidden chat rooms
- Private websites
- Peer-to-peer networks
- IRC (internet relay chat) channels
- Social media platforms
- Black market sites
- 640,000+ botnets
- Multiple Dark Web services including Tor, I2P and Freenet
Data that can be monitored includes:
- Credit Card/Debit Cards
- Bank Accounts
- Email Addresses
- Phone Numbers
- Driver Licences
- Medicare Card
With our Watch & Alert technology, businesses can:
- Easily enter the critical data they wish to monitor.
- Automatically trawl the web and dark web 24 x 7 x 365 for suspicious activity that may compromise critical data.
- Receive Watch & Alert Notifications if suspicious activity takes place that indicates a privacy and identity breach has occurred and the type.
- Know which users, usernames, and email addresses were listed in a data breach, so that immediate action can be taken.
- Obtain access to our team of support specialists 24/7.
Wontok’s three-dimensional approach to cyber security spans across hardware, cloud, endpoint, and web, and provides real-time notifications to businesses if a data breach occurs and critical assets have been compromised.
To find out more about how Wontok can help, contact us today.