What is the dark web & is your small business at risk?
Do you know what the dark web is and how it could out your small business at risk? If the answer is no to either or both questions, please read on. You may be familiar with the ‘dark web’ as a place online somewhere where illegal or dangerous activities take place. This is correct but there is much more to the dark- or ‘deep web’ than you may think.
Especially if you are a small business owner. Part of the “Deep Web”, the Dark Web is, where illegal activity takes place (Drug deals, hacking, counterfeit money, etc.) The dark web term emerged with the advent of the internet search engine over 20 years ago.
The information contained on this ‘hidden’ part of the internet would shock most people. However, small business owners should be very aware of the pitfalls of not having correct security measures in their IT setup in place.
Characteristics of the Dark Web:
Information that is INTENTIONALLY hidden from search engines is qualified to be in the Dark Web
Most websites are on the .Onion domain and only accessible through a Tor browser
The information found on the Dark Web is technically public information…just not found by the general public (visiting the Dark Web is NOT Recommended!)
It is mostly community based…web sites go up/down/up again overnight and this is where financial details are sold- credit card info, identity information, child pornography and illegal drugs
How can hackers target small businesses and why they at risk:
They can do this by gaining access to sensitive data of a target’s IT network in a manner of ways. George Torsten has summarised it well in Secuity Week in 2018, see here for full article. ”The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials.
Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom”. …it’s not surprising that most of today’s cyber-attacks are front-ended by credential harvesting campaigns. Common methods for harvesting credentials include the use of password sniffers, phishing campaigns, or malware attacks.”
Why should small business owners be concerned about hacking and dark web criminals:
We know that small businesses are at great risk from hackers. These criminals sell their information on the dark web. According to the Federal Trade Commission in the US. In 2017, the Federation found that, data stolen from businesses ends up on the dark web. Then these criminals buy and sell it to commit fraud, get fake identity documents, or fund their criminal organizations.”
We can say that this is not good news for small business. This is why we need to make sure we are careful in our security measures. We can help in this regard as IT Security experts.
Information available for sale on the dark web is up to 20 times more likely to come from an entity whose breach wasn’t reported in the media. Many of these are smaller retailers, restaurant chains, medical practices, school districts, etc. In fact, most of the breaches the U.S. Secret Service investigates involve small businesses.
This is also becoming more common in Ireland where we have seen high profile data breaches. Even in organisations such as the HSE, a Government Department and many small businesses. A very worrying trend overall for every small business and organization who have less resources than larger, richer ones.
What we can do at Cinnte to help you:
We have posted recently about the importance of cyber security for small businesses. We want to help educate businesses like ourselves, about how they can keep employees and clients’ information secure online. You can subscribe to our blog for updates on all areas of IT and keeping your business secure, productive and free of disaster.
You can start by signing up for our free dark web scan by emailing us at firstname.lastname@example.org. We will perform this for free for small businesses and give you a detailed report afterwards. We can advise on measures to help protect and prevent your credentials being hacked or stolen by cyber criminals.