Cybercriminals must be celebrating the fact that 23 billion devices are currently connected to the internet. Peter Matthews looks at ways to remain safe in a super-connected digital world.
Business leaders traditionally see the dark web (content on the World Wide Web that makes use of anonymity software to conceal their location on the internet) as an off-the-radar criminal marketplace or, at best, a safe house for political activists. But a new generation of CEOs and CFOs are starting to use it as a key data security resource.
For those charged with driving company strategy and protecting finances, the dark web is a means of gaining early intelligence that could limit financial and reputational damage. And the evidence suggests that business leaders need all the help they can get.
A 2018 report by the Department for Digital, Culture, Media and Sport found that more than four in 10 UK businesses (43%) have experienced cybersecurity breaches or attacks in the last 12 months. This rises to seven in 10 (72%) among large businesses. Hackers feast on the rich pickings served up by FTSE 100 companies, banks, government departments and utilities, but are equally attracted to the mouthwatering morsels supplied by smaller businesses that may act as doorways to a much bigger food chain.
Cybercriminals might well celebrate the fact that, according to stats portal Statista, 23 billion devices are connected through the Internet of Things and raise a glass to the generation of business leaders who don’t have the temerity to trespass on their turf or dare to disrupt their trade in stolen goods. For bolder souls, it’s worth understanding how the dark web works and how it can help you regain control following a breach.
A window of opportunity
Parts of the dark web are entirely legitimate while others operate as a thriving marketplace for illicit goods and services, including stolen data. Its labyrinthine and complex spaces are home to multinational organised crime ‘families’ and sole traders plying their wares from back bedrooms.
Some dark web ‘personnel’ specialise in buying or selling hacking services, others design sophisticated malware or specialise in sifting, cleaning, packaging or matching data
Sellers have ratings and reputations. Those who have yet to build trust and contacts might well have to use an intermediary and it might therefore take them more time to find a buyer.
The need to navigate these structures and relationships offers dark web analysts a valuable window of opportunity. Experts can often access invitation-only trading rooms and use established techniques to confuse the market and destroy the trust of potential buyers, giving you time to launch your strategic response to a hack. In some circumstances, analysts may be able to remove stolen data altogether.
Data travels extensively as a result of everyday business relationships and services, so turning your HQ into Fort Knox will only take you so far. If you’re guarding your data and that data moves, you have to move with it.
Effective data security is about taking your response to the threat, wherever it is. When valuable information is stolen, that threat is often the dark web.
Specialists in the field use technology that scans the dark web 24/7 and can let you know as soon as your data appears. They can also tell you if data from a previous breach is already there. These services tend to use bots and crawlers which can cover a lot of ground in a short space of time. But it’s human analysts that are more likely to pass screening ‘tests’, giving them access to those zones reserved for the most valuable information.
This kind of knowledge allows your business to act on real information in real time. It means that your cyber response can be rapidly deployed, targeted and focused. And it means the information you give to customers and regulators can be accurate which, in turn, should help steady the market, including potential customers and stakeholders. How you handle a breach gives more market information about your customer services and values than a mission statement ever could.
Risk awareness and management
When someone hacks your systems or accesses your data via a third party you need to know what they’ve taken and you need to know as soon as possible. This should help you quantify the risk, contain damage and maintain core functions while investigations and repairs are carried out.
It will also help you build a fuller, facts-based view of your risk landscape, enabling you to make better quality decisions about who you share your sensitive data with and how it is maintained and kept safe.
Loss prevention isn’t just about avoiding breaches in the first place, it’s also about minimising the damage resulting from those breaches. Dark web information and intervention can help minimise the impacts on the financial health, functionality and reputation of your business.
If you know what the hackers have got and how they plan to use it, you might be able to work out what else they’re coming for and minimise the risks with the data they’ve just stolen. This could help you determine what security measures to focus on in the future. The priority should be making your organisation more resilient while dealing with the immediate threat and maintaining functionality.
As data breaches become more commonplace, companies are being judged on how they handle being hacked. This includes whether it takes them days, months or, as in the case of Marriott International, years to notice a breach and take remedial action. It also includes the level of responsibility they take, how much information they give customers, the way they handle the press, what post-breach advice and support they offer and so on.
Dark web intelligence offers an opportunity to do better on all these points, providing alerts within minutes of data being published on the dark web. Marriott International, which in 2018 revealed a data breach that could have seen the records of up to 500 million guests of its Starwood division of hotels accessed since 2014, might have fared better had it reacted sooner. Cybersecurity isn’t just about systems and technology, it is about risk awareness, mitigation and management, strategic planning, intelligent incident response and wider skills development. It’s about understanding how threats arise and how they can be minimised or neutralised.
Unless you know how to explore the dark web without leaving footprints, going it alone probably isn’t wise. However, this mass of unindexed sites is a vast knowledge bank and using it in a safe, timely and intelligent manner can make a real difference to the way you think about cybersecurity and act on breaches. Indeed, it might be the one service that could save your business and your personal reputation too.