Don’t get tangled in the dark web
The dark web is a hotbed of criminal activity. It is where sensitive business and personal information, credit card details, guns, illicit drugs and even people and body parts are sold. So it goes without saying that the average person does not want to be tangled up in the dark web. Yet, personal information such as bank account details, credit card information, ID numbers, home addresses, email addresses and other personal identifiable information is finding its way onto the dark web.
“If your personal information is on the dark web, it is because someone took it without your permission and put it there. Believe it or not, your information is valuable,” says Douw Gerber – Business Development Manager at leading South Africa-based managed IT security services company, Securicom.
He explains that the dark web is an underground network of untraceable websites and online activities. To access these, specialised software and configurations are needed. This means that the dark web is largely hidden from the average user. The illicit trade and activities that abound on the dark web are reserved primarily for criminals who want to keep their work hidden.
Stolen personal and financial information is big business for cyber criminals. This information is used by criminals for fraud or worse still, identity theft. For victims, the loss of sensitive or confidential information can lead to financial losses or identify theft. Companies can also lose money while suffering reputational damage as well as penalties should the breach of information be in violation of government or industry compliance regulations relating the to the protection of personal and sensitive information.
A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, shows that number of dark web listings that could harm an enterprise has risen by 20% since 2016.
Data breaches of public websites are happening all the time. In the last few weeks, a major South African hospital group was the victim of a cyber attack where it is alleged that personal identifiable information of customers may have been compromised.
“This doesn’t only happen to large enterprises that are in the news. It happens to small businesses and individuals too. Do you use Dropbox? 68-million Dropbox user accounts were compromised in 2016.
Individuals and small businesses are the worst hit because they often don’t have sufficient IT security processes and procedures in place and they don’t have the skills to deal with the breach so they end up losing valuable data or money,” says Douw.
Cyber criminals have an array of ways of stealing information from people and companies. They hack into networks and accounts, they use spyware and other malware to capture passwords and user credentials, and they use phishing scams. Once they have got their hands on the information they want, they can use it for their own financial gain.
“Information is sold to the highest bidder or made freely available on the dark web to be traded between bad actors. Any personal identifiable information that can be used to impersonate you or used against you in a cyber attack is valuable to them,” Douw adds.
Poor network and end point security, and poor end user security awareness contribute to the increasing number of data breaches and growing volume of stolen information being traded on the dark web.
“A monitoring tool can help you keep track of your personal information. If your information lands up on the dark web, there is not much you can do to get it off. However, knowing that it is there can better prepare you in the event of an attack. Obviously changing passwords would be a step in the right direction,” recommends Douw.
He stresses that everyone, from individuals and small businesses to large enterprises can benefit from effective cyber security awareness training.
“Get educated about cyber crime and understand the risks of engaging and transacting online. This will help to reduce your risk of becoming a target and if you are targeted, you will be able to recognise that you are being attacked and take steps to stop it.”
uSecure – a new managed service offering from Securicom – is a user focused, cloud-based security awareness training platform to drive secure user behavior to reduce risk. The uBreach functionality within the uSecure platform can quickly identify exposed employee email accounts and identities that have been publicly disclosed online via third-party data breaches. Because uSecure is offered on a subscription basis for as low as R21.00 per user per month, it is affordable to companies of all shapes and sizes.
Securicom is offering a complimentary Employee Risk Assessment (ERA) to companies to get them started. The ERA report identifies employees’ current risk level to internal and external threats through calculating reality-based metrics, including their current susceptibility to targeted phishing attacks as well as identifying data that is stolen or exposed on the dark web.