We live in an information age where everything is becoming interconnected. Information is being created and accessed more readily than ever. In this environment, cyberattacks are a growing concern. Cyberattacks cost businesses as much as $400 billion annually and the threats are coming from places many people know very little about. PwC report that nearly 90% of large organizations now suffer some form of security breach. At least 60% of brands will discover a breach of sensitive data. However, many organizations simply don’t know what they don’t know. Researchers at MIT discovered that a full 75 percent of breaches go undiscovered for weeks or months and 67 percent of breaches were aided by significant errors from employees of the victimized firm. This all means that the potential impact on brands’ reputation and bottom line is enormous.
Consider these risks:
The Theft of Intellectual Property
It has become commonplace for engineers who need help with coding to post snippets of code to online forums asking for advice from others who share tips and tricks. However, the risks for unintentional disclosure of intellectual property and login credentials are high if the submitters are not aware of the need to redact sensitive information which could expose vulnerabilities. A proactive Dark Web monitoring service can generate a real-time alert that proprietary code is being shared.
The Trade in Hacking Tools
Cyber criminals are often successful because they participate in online communities and gain visibility into specific information that can help their mission. Fraudsters sell data that has been stolen via phishing and malware attacks, offer criminal services for hire and provide tutorials on codebreaking. This drives the surge in cyberattacks targeting corporate infrastructure allowing bad actors with varying skills to engage in a life of cybercrime. We’ve seen numerous examples of hackers sharing how to hack” tutorials around specific company targets in online forums. Proactive monitoring can alert a company about these postings and allows them to fix vulnerabilities.
How Do You Tackle the Dark Web Problem?
Given that anonymity is fundamental to the Dark Web it begs the question as to how to tackle the problem? In an anonymous world how can brands take action and enforce on issues?
It’s important to know what’s going on ‘down under’ in the Dark Web in order to be able to take action. MarkMonitor recommends a comprehensive approach. Security teams need to consider vulnerabilities from all angles paying attention to clients and partners as well as employees. A cross-functional approach is essential since attacks impact multiple departments in different ways. It’s also important to gain visibility across all channels of the internet.
Research has shown that being proactive is the best – and most cost effective – defense. You need a solution that can help detect attacks before they happen which requires you to gather threat intelligence from a largely anonymous and underground network.
The quicker a business takes action the less the damage.
We recommend taking these brand protection steps:
- Prepare against planned attacks. It’s important to proactively monitor Dark Web communication channels for mention of your brand to become aware of emerging threats. Understand that attacks can be planned months or years in advance and there are discussions on the Dark Web that you can track if you have the right technology.
- Identify and resolve breaches in as near real-time as possible. Take a proactive approach to monitor and efficiently infiltrate criminal networks – with real-time alerts you can take the appropriate action quickly to minimize damage.
- Analyze stolen credentials sourced from consumers and businesses to find the root of the problem.
- Educate your employees business partners and customers. Raise awareness of fraudulent threats before they can impact your company. Create educational materials for both your own employees and anyone who exchanges sensitive data with your company. These efforts can improve the cost effectiveness of your security infrastructure.
- Work with law enforcement. Increase the chances of shutting down fraudsters by handing over critical data to the authorities that have the resources to investigate criminal cases. Everyone benefits when you share threat data with relevant agencies that have data on different cases in aggregate. However it’s important to leave criminal enforcement to the professionals.
To find out more about this topic check out the free webinar recording where I review these issues with my college Jack Johnson in much more detail and check out the MarkMonitor solution.