It seems like every time you turn on the news, there’s another large-scale cyber incident reported, and it’s only discovered after the hackers have published personal information on hundreds of thousands or even millions of people at a time for sale on the Dark Web. And, for most of the unsuspecting population, “breach fatigue” has conditioned us to tune out the noise because we have not personally felt the direct impact of one of these incidents. Not familiar with the term “Dark Web?” That’s OK, even some of the most sophisticated individuals in the tech space have no idea what the Dark Web is and how it is used for cyber exploit.
What is the Dark Web?
Think of the internet as being made of two sets of webs. The first web, considered the “surface web,” is the portion of the internet that is indexed by common search engines like Chrome, Bing and Firefox. In total, the surface web that the general population uses on a daily basis makes up roughly 4 percent of the entire internet. The second and infinitely larger web is commonly referred to as the “Deep Web,” the encrypted and hard to access area of the internet that was originally developed by the U.S. Government as a secure communication platform. Because communications and data flows are masked, the Deep Web quickly became the preferred communication channel for privacy conscious individuals and organizations as well as governments who wanted to share data globally without detection. As the Deep Web provided the ability to communicate anonymously, it didn’t take long for nefarious individuals and organizations to begin using the Deep Web as a platform for illegal activities and exploit. Thus, the term “Dark Web” was coined in the early 2000s to describe the pockets of the Deep Web being used to hide illegal activities.
Fast forward to today. As both the volume and sophistication of data breaches is reaching epidemic proportions with no signs of slowing down, the Dark Web is the venue of choice where data is bought and sold or simply published for exploit. When hackers or financially motivated organizations are successful at compromising data, they move quickly to monetize their heist on the Dark Web. On a typical day, hundreds of thousands of login credentials (email addresses and passwords), along with social security numbers, dates of birth, financial information and other PII is added to the Dark Web for exploit. This information often and unsuspectingly leads to identity theft and is used to enhance the effectiveness of social engineering campaigns and ransomware attacks, further perpetuating the exploit cycle.
How do the Dark Web and the increase in third party data breaches impact me and my clients?
As office equipment dealers begin to diversify and move upstream into the managed IT services space, they are intent on providing a seamless and secure user experience. They are adding the latest firewalls, anti-virus, anti-malware and network monitoring tools to their solution stack and are doing a pretty good job of keeping the bad guys out. So you think… However, your clients, who also suffer from breach fatigue and more importantly, a general lack of cyber security common sense, do not realize that when they use their company issued email addresses to register with “trusted” third party sites like LinkedIn or Dropbox, they are creating a potential exposure that has a close to 80 percent probability of circumventing the security controls you have put in place.
The data shows that almost 80 percent of your clients’ employees use the same or a derivation of the same password across every system they access, both on and off your client’s network. Rotating password and requiring password changes every 30, 60 or 90 days has very little impact in stopping this threat. If your client’s internal requirement is to have a capital letter and special character, the next time their employee logs in, there is a 60 percent chance they will add a second number or exclamation point to the end of the new password. For example, the password “Scarecrow1” will become “Scarecrow12!” Even newbie hackers are able to download free and easily accessible password crackers and brute forcing programs to test hundreds of combinations of your clients exposed passwords in a matter of minutes. And, as the adage goes, it only takes one!
Start monitoring and protecting your clients from Dark Web exploits
To help protect your clients from the dramatic rise in credential-based exploits, there are automated monitoring solutions designed specifically targeted at the Dark Web. These solutions allow monitoring, reporting and mitigating credential-based exploits that, even with the most robust security defenses in place, can be used to access clients’ data. IT service providers, MSPs and MSSPs are finding this is an opportunity to quickly and cost-effectively increase monthly recurring revenue, customer stickiness and new client conversion rates. Service providers are enhancing their security offering, providing security and phishing awareness training and selling much-needed add-on solutions.