Home / Industry

Understanding the Risks of the Dark Web

We live in an information age where everything is becoming interconnected. Information is being created and accessed more readily than ever. In this environment, cyberattacks are a growing concern. Cyberattacks cost businesses as much as $400 billion annually and the threats are coming from places many people know very little about. PwC report that nearly 90% of large organizations now suffer some form of security breach. At least 60% of brands will discover a breach of sensitive data. However, many organizations simply don't know what they don't know. Researchers at MIT discovered that a full 75 percent of breaches go undiscovered for weeks or months and 67 percent of breaches were aided by significant errors from employees of the victimized firm.

This all means that the potential impact on brands' reputation and bottom line is enormous.

Consider these risks:

The Theft of Intellectual Property

It has become commonplace for engineers who need help with coding to post snippets of code to online forums asking for advice from others who share tips and tricks. However, the risks for unintentional disclosure of intellectual property and login credentials are high if the submitters are not aware of the need to redact sensitive information which could expose vulnerabilities. A proactive Dark Web monitoring service can generate a real-time alert that proprietary code is being shared.

The Trade in Hacking Tools

Cyber criminals are often successful because they participate in online communities and gain visibility into specific information that can help their mission. Fraudsters sell data that has been stolen via phishing and malware attacks, offer criminal services for hire and provide tutorials on codebreaking. This drives the surge in cyberattacks targeting corporate infrastructure allowing bad actors with varying skills to engage in a life of cybercrime. We've seen numerous examples of hackers sharing "how to hack" tutorials around specific company targets in online forums. Proactive monitoring can alert a company about these postings and allows them to fix vulnerabilities.

How Do You Tackle the Dark Web Problem?

Given that anonymity is fundamental to the Dark Web, it begs the question as to how to tackle the problem? In an anonymous world, how can brands take action and enforce on issues?

It's important to know what's going on 'down under' in the Dark Web in order to be able to take action. MarkMonitor recommends a comprehensive approach. Security teams need to consider vulnerabilities from all angles, paying attention to clients and partners as well as employees. A cross-functional approach is essential since attacks impact multiple departments in different ways. It's also important to gain visibility across all channels of the internet.

Research has shown that being proactive is the best — and most cost effective — defense. You need a solution that can help detect attacks before they happen, which requires you to gather threat intelligence from a largely anonymous and underground network.

The quicker a business takes action, the less the damage.

Recommendations

We recommend taking these brand protection steps:

  1. Prepare against planned attacks. It's important to proactively monitor Dark Web communication channels for mention of your brand to become aware of emerging threats. Understand that attacks can be planned months or years in advance and there are discussions on the Dark Web that you can track if you have the right technology.
  2. Identify and resolve breaches in as near real-time as possible. Take a proactive approach to monitor and efficiently infiltrate criminal networks — with real-time alerts, you can take the appropriate action quickly to minimize damage.
  3. Analyze stolen credentials sourced from consumers and businesses to find the root of the problem.
  4. Educate your employees, business partners and customers. Raise awareness of fraudulent threats before they can impact your company. Create educational materials for both your own employees and anyone who exchanges sensitive data with your company. These efforts can improve the cost effectiveness of your security infrastructure.
  5. Work with law enforcement. Increase the chances of shutting down fraudsters by handing over critical data to the authorities that have the resources to investigate criminal cases. Everyone benefits when you share threat data with relevant agencies that have data on different cases in aggregate. However, it's important to leave criminal enforcement to the professionals.

To find out more about this topic check out the free webinar recording where I review these issues with my college Jack Johnson in much more detail and check out the MarkMonitor solution.

MarkMonitor

About MarkMonitor – MarkMonitor®, the world leader in enterprise brand protection uses a SaaS delivery model to provide advanced technology and expertise that protects the revenues and reputations of the world's leading brands. Learn More

Related topics: Cybercrime, Intellectual Property, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Explore Topics

Promoted Post

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Sponsored Topics