In 2009 when we first heard about the dark web it was a phrase that was mentioned almost in a whisper, like a thing of myth that was only of interest if you were an international crime lord or drug dealer. However, in more recent years as it has expanded, the dangers of the dark web are a threat to us all.
A study carried out in 2019 by Into the Web of Profit showed that 60% of the sites on the dark web were illegal (and that doesn’t include those which are drug related). It is the place to purchase drugs, firearms, fake IDs, stolen credit cards and data.
Whilst the majority of internet users don’t know how to access the dark web, there is a very real danger that hacked data such as bank and personal details or passwords could be sold and bought on the dark web.
And the threat is a very real one regardless of the size of your business. For example, between April and August of this year hackers had been gathering data from the United Nations’ servers, and then sold the details on the dark web to the highest bidder. For example, login details of UN staff were sold for $1000 (£723). These login details provided access to the UN’s project management software which offered insider information on how government and humanitarian projects are run globally. The most worrying aspect is that the hackers, although known to be ‘Russian Speaking’ have not been identified, nor has their reason for the hack been established.
Many businesses, who have been targeted with ransomware have paid the ransom after the hackers threatened to publish their data on the dark web. Even worse than that, is an increase in advertisements on the dark web, selling access to corporate networks. And there is a massive market for it. Researchers at Positive Technologies have identified that hackers are selling approximately $600,000 (£434,000) of corporate login details a quarter.
Although cyber attacks and data breaches are on the increase it doesn’t seem to be because there are more hackers, but rather because users are not utilising effectively the security measures which are already available, therefore making it easier for cyber criminals to hack business networks. And with the dark web being a great market to sell data, especially cloud login details, it’s low-hanging fruit for cyber criminals.
Protecting your systems
In order to protect your data from being sold on the dark web, it is essential to ensure the cyber criminals don’t get hold of it in the first place. Whilst no security system is 100% hacker proof, the more security measures you put in place the harder it is for hackers to gain access to your systems.
- Multi-factor Authentication – This means that access to corporate networks requires a password as well as biometric data, an auto-generated pin or a physical authentication key. Then even if passwords are breached they won’t allow access.
- Complex Passwords – The more complex the passwords the more secure they are. They should include upper- and lower-case letters, special characters and numbers and should be a random selection of words or letters. Users should not have the same password for all of their logins as, if one is sold on the dark web the hackers could have access to a lot more than they were expecting.
- Anti-Ransomware/malware/virus-software – By installing anti-ransomware, anti-malware and anti-virus software onto all systems it makes it more difficult for the hackers to gain access to your machines and therefore data.
- Regular Updates – Installing software isn’t enough. All software and operating systems need to be updated regularly, as updates fix bugs and glitches in the processes. It is these bugs and vulnerabilities that the cyber criminals use to gain access to your machines.
- Access Management – Implementing the rule of least privilege, means users within your organisation only have access to files and applications that they require to do their jobs. This means that should a hacker gain access to a machine, they only have access to the things that user has access to, which can limit the damage caused.
- Regular Staff Training – Many cyber criminals gain access to business networks using phishing campaigns, and therefore the more training staff have on how to recognise these and the consequences of being victim to it is a valuable tool in your defence.
In addition to protecting your systems from the cyber criminals ensuring they are unable to gain access, there are additional security measures which will ensure that should they gain access, your business is still able to trade and does not lose vital data. The most important of these is carrying out regular back-ups and storing them offsite as well as having a robust Data Recovery policy in place.
Whilst no security measures are fool-proof or indeed 100% hacker proof you can never be too secure. If you would like to have a security assessment on your business network and some practical advice on how to improve your security processes contact Security Everywhere today.