According to Visual Capitalist, the “surface web” represents only 4% of the internet. It is the portion of the internet that is indexed by search engines and can be traced easily.
Dive deeper and you find the deep web which makes up most of the internet. Search engines don’t index those sites, but you can access them from a standard web browser.
Then you have the dark web, representing only a tiny percentage. The Dark Web is a nefarious part of the Deep Web: an obscure sub-internet designed to house illicit databases and provide anonymity to criminals.
We don’t need to know the ins and outs of the dark web, but it is important to understand the risk the dark web poses of a data breach and how incorporating dark web monitoring into your overall cybersecurity strategy is important.
Today’s hackers are working smarter, not harder and have all sorts of strategies for finding valid credentials that give them access to a corporate network or company data. These strategies include phishing, malware, social engineering, exploiting known vulnerabilities and they also use the dark web to buy what they want.
Research finds that most breaches are not initially detected and may not be discovered until several months after the initial attack. According to IBM’s Cost of a Data Breach Report 2020, the average time to identify and contain a data breach is 280 days (approximately nine months). Often, breaches are only detected after it is discovered that compromised, sensitive information has been released or is for sale on the dark web. Are any of your corporate credentials for sale on the dark web?
A dark web scan can help further identify risk exposure and act as an early warning to potential dark web risks. It can also protect employee credentials. The scan can uncover any exposed employee credentials and allows you to set up ongoing monitoring so you will be notified of any future credential leaks.
Running a dark web scan against an email domain can provide eye opening results. For example, one organization’s email domain scan uncovered 30 compromised emails, including the business owner’s bank account login credentials. And this is just one example, we’ve seen many shocking results running these reports for clients.
If your credentials have been exposed publicly, you can never use that password again. Once that password is part of a public list, especially one that is associated with your email address, you can be sure it will be used in a future attack. The risk is too great to even consider using it again, and any other account that uses the same password should be immediately changed as well. Similar passwords used with other accounts should be changed too.
Business email addresses should NOT be used for non-business-related activities, and separate passwords should be used for each site or application you use. The results of a dark web scan will show if any of your employees may have used their business email for non-business reasons and had their credentials compromised, bringing unnecessary risk to your organization.
If you identify any of your users’ credentials for sale on the dark web, take the necessary steps to remediate the situation.
A dark web scan can be used as an early warning tool and is one more way to understand the strength of your current cyber defence. The next step is to prioritize strengthening your security posture for the future. That includes training your users on their role in defence of the organization, setting up multi-factor authentication (MFA) and employing an MDR service to secure your endpoints so you will be alerted if (or rather when) an attack is attempted.
Many organizations are shocked and surprised when they see their employees’ access information available for sale on the dark web. Whether you have a large enterprise or a small- to mid-sized business, be sure you aren’t a target!