As the world transitioned to widespread remote work, the accompanying move online presented countless new avenues for cybercriminals to attack. Security awareness has become more of a focus than ever before as the lines between our personal and professional lives became increasingly blurred.
Companies across every industry have been quick to supplement traditional channels with digital equivalents to capitalise on the move online. As hackers look for new methods of attack, it has become mission-critical for businesses to ensure their corporate data is safe from prying eyes. And yet, consumers are becoming increasingly desensitised to the risks posed by cyberattacks despite horror stories of data breaches and information for sale on the dark web.
Our research has revealed that 40% of people don’t even know what the dark web is, and are blissfully unaware as to how their information could be at risk. As many of us are now spending more time online, it’s clear that consumers’ blasé attitude towards security is down to a lack of awareness. So what do we mean by the dark web and how can we prevent our information from falling into the wrong hands?
The dark side of the web
The dark web consists of the parts of the internet which cannot be accessed through search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records. This is alarming when 80% of data breaches are a result of weak passwords and we consider that 92% of Brits admit to password reuse despite being well aware of the consequences.
Most people don’t really understands the true extent of the dark web, with estimates that it ranges from 0.005% to 96% of the entire world wide web. That said, a recent study from the University of Surrey revealed that almost two-thirds (60%) of listings on the dark web had the potential to harm enterprises. While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves.
Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.
Is your information on the dark web?
Our research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web – and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think – since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.
Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.
Becoming cyber-aware
Detection is undoubtedly pivotal in keeping ahead of fraudsters, but the foundations begin with awareness. The majority of breaches take place as a result of simple mistakes which can be easily addressed – using your Facebook password at work or failing to change the default settings of connected devices. But at the same time, businesses must stress the importance of being cyber-aware and foster a culture of security awareness throughout the organisation.
While some businesses have started reopening their doors, many of us will continue working from home for the foreseeable future. Driving cyber-aware practices should therefore be a priority, requiring each department to work together and get their security practices up to scratch. The security challenge is constantly evolving and will likely become even more complex as digital migration continues. With the risks of the dark web always looming, we’d all benefit from refreshing our cybersecurity practices. A good place to start is by using randomly generated passwords which are unique across different platforms; from there, implementing solutions with built-in privacy features will help to prevent another dark web horror story.
Senior Manager, Identity and Access Management
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.