What you don’t know can hurt you.
For most small businesses the Dark Web is little understood, but nevertheless a significant threat. Small businesses are often an easy target for cyber criminals – not in some distant future, but today.
Dark Web IT Solutions for Small Business Owners
For every small business, a basic understanding of the Dark Web and how to protect your company is a must. Here are 8 key things to understand about the Dark Web, its threats, and what to do to protect your business.
What is the Dark Web?
The Dark Web is a hidden universe contained within the “Deep Web” - a sub-layer of the Internet hidden from conventional search engines. Search engines like Google only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web.
The Dark Web is estimated to be 550 times larger than the surface Web and growing. Because users can operate anonymously there, the Dark Web holds a wealth of stolen data and illegal activity.
How do cyber criminals make money off my company’s credentials via the Dark Web?
Forget the guns and drugs, what cyber criminals want are your company’s credentials. Usernames and passwords represent the keys to the kingdom for malicious attackers.
Criminals who know how to penetrate a company’s defenses can easily steal hundreds or even thousands of credentials at a time. And unfortunately, these breaches happen all the time.
A criminal dealing in stolen credentials via the Dark Web can make tens of thousands of dollars from buyers interested in purchasing credentials. Because those credentials are sold to multiple buyers, organizations that experience a breach of credentials can easily be under digital assault from dozens or even hundreds of attackers.
Are Small Businesses Really a Target for Cyber Criminals and What’s the Impact?
Small businesses often make easy and profitable targets. Yes, big business data breaches and huge ransomware paydays dominate the headlines. But research by the Ponemon Institute shows that small businesses are a prime and often easy target, with cyber-attacks affecting more than 61% of those surveyed.
To a small business, the impact of a successful attack can be devastating. According to the report from Ponemon, in the aftermath of successful attacks, companies spent an average of $1,027,053 because of damage or theft of IT assets. In addition, disruption to normal operations cost an average of $1,207,965.
What Can an Attacker Do with Compromised Credentials?
Once an attacker has your credentials, they have a wide range of exploitation options, such as:
- Sending spam from compromised email accounts
- Defacing web properties and hosting malicious content
- Installing malware on compromised systems
- Compromising other accounts using the same credentials
- Exfiltrating sensitive data (Data Breach)
- Identity theft
What’s the one main target for cyber criminals?
You may have the most up-to-date and strongest security systems in place, but it’s likely not enough. In fact, employees, the core of any business, are the main target for cyber criminals. Research shows that almost 90% of cyber-attacks are caused by human error or behavior.
And, current employees aren’t the only risk.
While employees may have moved on from your organization, their company-issued credentials can still be active and valid within the 3rd party systems they used while employed. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploitation.
Are You Good If You Protect Your Internal Systems?
It certainly would be easier if this were the case. But it’s a rare business that doesn’t rely on 3rd party systems like HR & payroll, email services, CRM, travel services, communications (Verizon, AT&T, etc.), e-Commerce, banking & finance, collaboration tools (Dropbox, box, Citrix, etc.) and social media to get work done.
Typically, employees use their work email as a user login on these 3rd party systems. If any of these systems get breached, your employees’ logins and passwords are compromised. And because employees often use the same or very similar passwords for multiple online systems, including personal software and apps, the risk is even greater.
How Can a Small Business Protect Themselves from the Perils of the Dark Web?
While you can’t mitigate risk entirely, you can be more in control by implementing a suite of tools and procedures including:
Dark Web Monitoring - Monitoring the dark web for compromised credentials and sensitive data gives businesses a heads up when problems arise. This “early warning” signal is critical to protecting valuable IP and customer data.
Monitoring should scour botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black-market sites 24/7, 365 days a year, to identify stolen credentials and other personally identifiable information (PII).
Password Managers – Use corporate versions of password managers to save and secure various strong passwords and limit system access across staff.
Backup - Data should be backed up to an offsite, secure location with regularly scheduled testing.
Security Assessment - Assess and test network, applications, 3rd party website policies, and procedural policies.
2-Factor Authentication - Use 2FA on any application that supports it for an added layer of login security.
Training and Education - Empower employees to recognize threats and respond accordingly. Knowledge is power and security!
Can a Small Business Monitor the Dark Web Themselves?
While you do not need special permission, accessing the deep or Dark Web requires the use of a “TOR” browser and should only be done using a VPN/encrypted tunnel. In general, we advise against attempting to access the Dark Web unless you have the experience, know-how, and the right tools to accomplish this sensitive task appropriately.
The Dark Web is a favorite hangout for cyber criminals, but it’s a bad place for your company’s credentials. Knowledge, proper procedures, and the appropriate tools can best protect against sensitive data breaches and help mitigate the impact of breaches when they do occur.
It would be a rare small business that has the expertise and tools to protect against Dark Web threats. But such expertise should exist within your IT service provider. Fortunately, it does with LightWire, Inc.