Security and Compliance for Businesses: What is the Dark Web?

What the heck is the dark web and why does this weird term matter to my business?

Maybe you heard your LinkedIn, Instagram, or Dropbox password was floating around out there.

Or maybe you read a news story about that guy who got busted for running Silk Road, that site that sold drugs and other illicit goods.

Chances are you’ve seen the words “dark web” splashed in a headline or heard them mentioned by a friend.

But what the heck is the dark web? How do you get there? And what makes it so “dark”?

What is the Dark Web?

The Dark Web is a part of the internet that isn’t indexed by search engines.

It’s not accessible through traditional search browsers and is often associated with a place used for illegal criminal activity.

It’s a place on the internet only accessed using certain web browsers.

Cyber criminals tend to use the Dark Web as a place to buy and sell stolen information but there are also sites within the Dark Web that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.

So what exactly happens on the Dark Web?

Things like identity theft are regular and unfortunate occurrences, especially with most business owner’s information. Often, business owners just like you and I are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals; that’s the place known as the “Dark Web”.

What is for sale on the dark web?

Information sold on the Dark Web varies.

It includes items such as stolen credit cards, stolen account information from financial institutions, forged real-estate documents, stolen credentials and compromised medical records.

Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.

What is stolen personal information used for?

Stolen information that’s obtained by criminals can be used for countless activities like securing credit, mortgages, loans and tax refunds.

It is also possible that a criminal could create a “synthetic identity” using stolen information and combining it with fictitious information, thus creating a new, difficult to discover identity.

Why are stolen credentials so valuable?

Stolen usernames and passwords are becoming increasing popular among cybercriminals, but why?

Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those usernames and passwords.

The idea here is that many individuals have poor password practices and are using the same username and password across various accounts, including business account such as banking and E-Commerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and business-horizons.

Why should businesses be concerned about the Dark Web?

Since the Dark Web is a marketplace for stolen data, most personal information stolen from businesses will end up there, creating major cause for concern.

With the media so often publicizing large-scale corporate data breaches, small to medium sized businesses (SMB’s) often feel they are not a target for cybercriminals, however that is not the case.

Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrime.

At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company who suffered a data breach that was not reported to the media.

The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.

How can you reduce the risk for your small business and organization?

There are a few, free, yet simple things you can do to reduce your risk of having your info become victim to the Dark Web.

First, you must ensure you have proper security measures in place. You can learn more on our website about things to consider when creating an IT environment that’s safe, secure, and compliant. Go here to learn more.

Second, it’s critical that your employees are properly trained on security, including appropriate password practices. There is also talk of a government-led cyber threat sharing program which would help enhance security across all industries by sharing cyber threat data.

Lastly, there’s always training sessions with the team at Cooperative Systems that will help. As part of our fully managed IT services we cover a broad range of security topics that increase your employee security awareness, protect your business, all the while giving you peace of mind.

Good security is the kind that protects your business form the Dark Web. Need help teaching your employees the importance of cybersecurity and avoiding Dark Web issues? Click here to get started.