Small and medium-sized businesses (SMBs) used to enjoy the perceived safety of being “small fish” in cyberspace. Many SMBs held the notion that they were less prone to cyberattacks because the effort it takes to attack them is greater than the gains.
But SMBs are actually more prone to attacks because their security measures tend to be insufficient compared to those of large corporations. Furthermore, criminals can now launch volume-based attacks, thanks to automation and the shrinking price of processing power.
The truth is that cybercriminals aren't discriminating when it comes to stealing data, as practically any kind of sensitive information has a price tag in the black market. Medical records and US passports go for as much as $1,000 to $2,000 each, and there are always regular buyers of all kinds of data and ID such as social security numbers, online payment services login information, credit cards, driver’s licenses, loyalty accounts, subscriptions, and even diplomas. Hackers swoop in, steal sensitive information and disappear into the “dark web.”
The “dark web”
The dark web refers to World Wide Web content that exists on darknets and overlay networks — these are corners of the internet that require specific software, configurations, and authorizations to access. It is not indexed by web search engines like Google, which is why it’s practically invisible to the vast majority of internet users. Darknets that constitute the dark web include small, peer-to-peer networks, and they make use of special routing protocols (called onions, because onions have layers) to anonymize traffic.
The dominant preconception on the dark web is that it is a swirling vortex of criminal activity. The dark web is where marketplaces of illegal goods and services can be found, and it is in these marketplaces where the majority of stolen identities and access credentials are sold and bought. These transactions are conducted anonymously, and sales are exclusively done through cryptocurrencies such as Bitcoin, Ethereum, and Monero. But it should be noted that it is also a channel for agency activity (military, intelligence, etc.) and surprisingly, a lot of benign content such as K-pop fandoms, bonsai enthusiast groups, and the like.
What to look out for
Dark web entities actually reside on the surface web (the regular internet as we all know it) too, which is where they find information to steal and sell. You don’t have to go down the dark web rabbit hole to be exposed to the dangers of its residents, as they regularly traipse through the surface web in search of possible targets.
This is why cybersecurity practices nowadays need to be robust, proactive, and current. This applies to both software and an organization's staff, as human users are often considered to be the weakest point in any organization’s cybersecurity strategy.
Make sure your IT team can provide you with a comprehensive data security plan that includes a strong password policy (that includes periodic password changes and supplementary protocols such as two-factor authentication) and a robust anti-malware framework. Constant training and leadership by example are the best ways to go about enforcing a strong data security plan.
How security training helps
Security training should help your staff better understand the dangers that lurk in plain sight online. Understanding what cybercriminals are after — and how they usually pursue it — will train your staff to spot irregularities that they would not have noticed otherwise. This is more important than ever now that criminals are getting better at copying legitimate websites and emails for their own gains.
Level up your cybersecurity with Arnet’s tried-and-tested network and data protection services. Arnet is powered by tier-1 threat intelligence and ID monitoring software, so that we can provide you with a cybersecurity report on your company, complete with which of your credentials are actively being sold on the dark web. We’ll even give you your initial assessment for FREE. Call now.