The Dark Web? Why Small Businesses Should Concern Themselves With the Threat.
Part of the problem starts with the fact that organizations simply don't know there is a black market for the buying and selling of stolen goods.
In the wake of the big corporate data breaches and social media scandals being reported, small businesses across multiple industries are concerned they may be next on a hacker’s hit list. But lacking the cash and resources needed to maintain a robust IT department, 54 percent of U.S. small businesses, a Ponemon Institute report revealed, experienced a data breach in 2017.
Not prioritizing -- or simply ignoring -- cybersecurity is no longer an option for small businesses. All it takes is one attack to wipe out an organization’s financials and force its owners to shutter for good.That's why many companies have already begun taking the necessary steps to protect themselves from direct cyber threats that could impact their business.
But when that protection isn't in place, what happens to the data that is stolen in a successful breach? While small businesses are aware of the dangers posed by phishing schemes and network probes, many are overlooking an equally dangerous threat that lurks out of sight: the dark web.
Demystifying the invisible part of the web and why small businesses should care
Unlike most places on the internet, the dark web is difficult to access because it lives on a part of the web that isn't indexed and cannot be crawled by search engines.
While such anonymity is not considered illegal, it has turned the dark web into a hotbed of criminal activity. Because thieves can mask their true location and identity, thieves have leveraged the dark web to buy and sell valuable data, like personally identifiable information stolen from private citizens. A $50,000 bank account, for example, could sell for as little as $500; one Experian report found that social security numbers can go for less than $5, while a driver’s license costs $20. You could think of all this as the Digital Black Market.
That brings us back to small businesses. For these businesses in particular, the dark web is a cause for concern for three reasons:
Not everyone knows it exists. Part of the problem starts with the fact that organizations simply don’t know there is a black market for the buying and selling of stolen goods. A data report by my company, Switchfast, found that 26 percent of small business employees don’t even know what the dark web is, let alone the role it plays in exacerbating data breaches. Even worse, some small businesses might not even be aware they’ve been compromised until after their data has been bought and used by someone else.
Sensitive information is up for grabs. In addition to stealing company-trade secrets, hackers are also looking for data like customer data to resell on the black market. The exposure of information like credit card numbers can put customers at risk of identity theft and lead to repercussions like future lawsuits and loss of consumer trust.
It’s not easy to access -- or search. Even if small business employees know what the dark web is, accessing and navigating the internet’s underbelly is no simple task. Once you've connected to it, you'll find that the dark web is messy and volatile, with websites constantly changing addresses to avoid becoming the victim of widespread malware. For small businesses, trying to manually search the dark web for stolen information can expose them to even greater threats.
How organizations can address the threat of the dark web before it’s too late
As long as there is a demand for stolen goods on the dark web, cybercriminals will continue launching attacks against small businesses for data that will return a profit on the black market. Luckily, small businesses don’t have to wait for their sensitive information to pop up on the dark web in order to act. From educating employees on good cyber hygiene habits to employing malware detection software, small businesses can make moves to push back against the threat of the dark web:
Deploy dark web monitoring and response tools. Whenever an organization is breached, there’s a very real possibility the stolen information will find its way on to the black market. Small businesses should utilize dark-web monitoring tools to alert companies when any activity associated with sensitive information is detected on the dark web.
By using these tools, companies can choose what identifiable information to monitor and receive timely notifications when that data is discovered on marketplaces, bins and dump sites. This can help alert these businesses to breaches they may not even be aware of and shorten disaster recovery-response times to mitigate further damage.
Eliminate vulnerabilities through training and security exercises. A separate survey by Lastline revealed that 84 percent of employees polled who said their company had experienced a cyber attack attributed at least part of that event to human error. Poor employee habits, such as recycling the same password for multiple accounts, can compromise a small business’s cybersecurity measures and make it easier for hackers to breach company servers.
Instead, companies should implement regular training and security exercises. That way, they can reinforce security best practices among employees who might not even know how to approach or respond to a threat. Our report found that 35 percent of employees surveyed didn't even know if their organization had an incident-response plan in place, while 65 percent had never received a phishing test during their tenure.
Today, every business is a potential target for cybercriminals -- but not every business is prepared to deal with the threat of the dark web. As small businesses develop robust cybersecurity programs, they also need to keep a close eye on the dark web to mitigate the risk of becoming the next victim of fraud.