With flu season wrapping up, and the coronavirus a real threat to many businesses here in the SF Bay Area, remote work could quickly become the norm. Regardless of policy, this opens many businesses up for credential stealing hackers to strike. With many workers out this time of year, businesses find themselves wondering how they can prevent cyber attacks and infiltration as credential-stealing becomes more popular than ever before.
Being a small business used to be known as a hacker deterrent; unfortunately, that is no longer the case. Business owners have taken notice, and many have already begun enhancing their security. For many SMBs, the dark web isn’t on their radar, but it should be.
What’s the Dark Web?
Built with the purpose of anonymity, the dark web is a powerful network of websites, forums, and communication tools. What differentiates the dark web from standard internet is that users are required to run a large number of security tools to continue to assist in the process to anonymize web traffic. Cyber criminals are able to hide behind faked identities and locations while applying their trade to victims, making the dark web a hotbed of criminal activity.
What’s the Problem?
Many business owners have no idea the dark web exists. Several industry reports have found that 26% of SMB employees don’t even know what the dark web is, let alone the role it plays in data breaches. Even worse, some businesses might not even be aware they’ve been compromised until after their data has been bought and used by hacking attempts.
It’s not the dark web itself that causes problems for employees and users, because the internet’s underbelly isn’t easily accessible. Even once connected, you’ll find the dark web messy, volatile, and lack consistent addresses from victims of malware attacks past. Remember this is the “Wild West” of the internet, so HTML and pretty-looking websites aren’t as common.
How to Protect From the Dark Web
The answer is simple, recurring dark-web scans/monitoring and response tools. By utilizing these tools, companies can choose how to identify information to monitor. This helps businesses in alerting staff of breaches they were not aware of, shortening disaster recovery and response times to prevent further damage.
What Dark Web Monitoring Entails
The methods we use today still resemble the traditional threat-intelligence gathering process, and in many cases, this intelligence requires the combination of both human elements and technology.
- Step #1: Parse
The accumulated data is parsed and normalized to allow sorting by queries. Here is where we sift through and remove duplicate records or non-relevant data.
- Step #2: Validate
After removing ‘junk’ data, we check the domains for accuracy against any available anti-spam policies, including SPF Records, DKIM & DMARC. We then begin un-hashing the first three characters of the credentials.
- Step #3: Enrich
Once the credential is documented, we update each search with the breach source, date of publication, if the information is encrypted or not. This is also where we apply risk profiles for clients and organizations to measure their own findings against.
Monitoring the dark web is labor-intensive, particularly for internal staff in an SMB environment. It often makes more sense to provide alerts if any employee or customer data is being actively traded. However, the work does not stop there. In order to minimize any impact from a possible cyber-attack, companies need incident response and recovery procedures, in case an attack occurs and monitoring uncovers stolen data.
How Can Security Training Help
Human error always plays a role in a successful cyber-attack. More than a few business owners and their employees are unaware of the threat from the dark web. By implementing regular training and security exercises, we reinforce security best practices among clients.
Not sure how to approach or respond to a threat?
Clare Computer Solutions would like to help, ensure security and protection for your business technology, and its users.