With flu season wrapping up and the coronavirus a real threat to many businesses here in the SF Bay Area, remote work could quickly become the norm. Regardless of policy, this opens many businesses up to attack by credential-stealing hackers. With many workers out this time of year, businesses find themselves wondering how they can prevent cyber attacks and infiltration as credential stealing becomes more popular than ever before.
Being a small business used to be considered a hacker deterrent; unfortunately, that is no longer the case. Business owners have taken notice, and many have already begun enhancing their security. For many SMBs, the dark web isn’t on their radar, but it should be.
What’s the Dark Web?
Built for the purpose of anonymity, the dark web is a powerful network of websites, forums, and communication tools. What differentiates the dark web from the standard internet is that users are required to run a large number of security tools that help anonymize their web traffic. Cyber criminals are able to hide behind faked identities and locations while plying their trade on victims, making the dark web a hotbed of criminal activity.
What’s the Problem?
Many business owners have no idea the dark web exists. Several industry reports have found that 26% of SMB employees don’t even know what the dark web is, let alone the role it plays in data breaches. Even worse, some businesses might not even be aware they’ve been compromised until after their data has been bought and used in hacking attempts.
It’s not the dark web itself that causes problems for employees and users, because the internet’s underbelly isn’t easily accessible. Even once connected, you’ll find the dark web messy, volatile, and lacking consistent addresses from victims of past malware attacks. Remember, this is the “Wild West” of the internet, so HTML and pretty-looking websites aren’t as common.
How to Protect From the Dark Web
The answer is simple: recurring dark-web scans, monitoring, and response tools. By utilizing these tools, companies can choose how to identify information to monitor. This helps businesses alert staff to breaches they were not aware of, shortening disaster recovery and response times to prevent further damage.
What Dark Web Monitoring Entails
The methods we use today still resemble the traditional threat-intelligence gathering process. In many cases, this intelligence requires a combination of both human elements and technology.
- Step #1: Parse
The accumulated data is parsed and normalized to allow sorting by queries. This is where we sift through the data and remove duplicate records and non-relevant data.
- Step #2: Validate
After removing ‘junk’ data, we check the domains for accuracy against any available anti-spam policies, including SPF records, DKIM, and DMARC. We then begin un-hashing the first three characters of the credentials.
- Step #3: Enrich
Once the credential is documented, we update each search with the breach source, the date of publication, and whether the information is encrypted or not. This is also where we apply risk profiles that clients and organizations can measure their own findings against.
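The three steps above, sketched as an added example (this is not Clare Computer Solutions’ own tooling). The feed columns, the monitored-domain list, the hex-digest test for “encrypted”, and the risk labels are assumptions; the SPF/DKIM/DMARC lookups of Step #2 are replaced by a monitored-domain filter so the code runs offline.

```python
import csv, io, re
from datetime import date

# Constructed sample feed (not real breach data); column names are assumptions.
RAW = """email,secret,source,published
Alice@Example.com ,hunter2pass,ExampleForumDump,2020-01-14
alice@example.com,hunter2pass,ExampleForumDump,2020-01-14
bob@example.com,0123456789abcdef0123456789abcdef,ExamplePasteSite,2019-11-02
carol@other.test,letmein123,ExampleForumDump,2020-01-14
not-an-email,whatever,ExamplePasteSite,2019-11-02
"""
MONITORED = {"example.com"}  # domains the client asked to watch (assumption)
HEX_DIGEST = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)

def parse(raw):
    """Step 1: normalise fields, drop malformed rows and exact duplicates."""
    seen, records = set(), []
    for row in csv.DictReader(io.StringIO(raw)):
        row = {k: v.strip() for k, v in row.items()}
        email = row["email"].lower()
        local, at, domain = email.partition("@")
        key = (email, row["secret"], row["source"])
        if not (local and at and "." in domain) or key in seen:
            continue
        seen.add(key)
        records.append({**row, "email": email, "domain": domain})
    return records

def validate(records, monitored=MONITORED):
    """Step 2 stand-in: keep only monitored domains (no DNS lookups here)."""
    return [r for r in records if r["domain"] in monitored]

def enrich(records):
    """Step 3: attach source, publish date, protection flag, masked preview."""
    findings = []
    for r in records:
        hashed = bool(HEX_DIGEST.match(r["secret"]))
        masked = r["secret"][:3] + "*" * (len(r["secret"]) - 3)
        findings.append({
            "email": r["email"],
            "source": r["source"],
            "published": date.fromisoformat(r["published"]),
            "hashed": hashed,
            # Reports carry only the first three characters of a plaintext secret.
            "preview": None if hashed else masked,
            "risk": "medium" if hashed else "high",  # illustrative risk profile
        })
    return sorted(findings, key=lambda f: f["published"], reverse=True)

def run(raw=RAW):
    return enrich(validate(parse(raw)))
```

Calling `run()` returns the findings newest first, ready to feed an alert to the affected user.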
Monitoring the dark web is labor intensive, particularly for internal staff in an SMB environment. It often makes more sense to provide alerts if any employee or customer data is being actively traded. However, the work does not stop there. To minimize the impact of a possible cyber-attack, companies need incident response and recovery procedures in case an attack occurs and monitoring uncovers stolen data.
How Can Security Training Help?
Human error always plays a role in a successful cyber-attack. More than a few business owners and their employees are unaware of the threat from the dark web. By implementing regular training and security exercises, we reinforce security best practices among clients.
Not sure how to approach or respond to a threat?
Clare Computer Solutions would like to help ensure security and protection for your business technology and its users.