(Editor’s note: This is the second of a two-part series on business-related cybersecurity issues. See part one here.)
When it comes to cybersecurity, few topics capture the imagination more than the darknet.
What is this mysterious corner of the internet that conjures such a sense of foreboding? Is it true that cybercriminals utilize it as a base of operations to obscure and conduct their illicit activities? While many of the darknet’s secrets will remain forever cloaked in the shadows, having a clear understanding of this segment of the internet will help protect against the threat of a nefarious darknet incident in your organization.
The first step to understanding the darknet is by differentiating the components that make up the internet: The surface web, the deep web and the darknet.
The surface web, or what is able to be indexed and subsequently found using a search engine, is made up of about 5 billion pages. Even with the surface web’s sizable number of webpages, this “visible” section of the web accounts for less than 10% of what’s out there.
The next section of the web, by far the biggest area, is the deep web. This constitutes over 90% of the entire web and contains all of the data that is privately held, such as banking information, government data, social media sites and data on corporate servers.
That leaves us with the darknet, a small splinter of the deep web that, according to experts, is made up of only a few thousand sites. While only a minuscule fraction of the web as a whole, the darknet is of great concern to law enforcement and extremely consequential to businesses if preventative cybersecurity strategies are not in place. Accessing the darknet is not as simple as typing in an address into your typical web browser. Instead, a special tool is required, such as Tor, the most widely used darknet browser. And, whereas surface web sites would, for example, end in “.com,” darknet site addresses are difficult to find, end in “.onion” and are often made up of seemingly random numbers and letters.
That brings us to the question: Why do criminals utilize the darknet? The answer is simple: anonymity, as it is very difficult to track activity using the Tor browser. This anonymity attracts users who feel empowered to buy what criminals are selling, which can include massive amounts of data stolen from businesses, such as passwords, credit card accounts, health records, banking information and other sensitive pieces of information. These sites are also where weapons, drugs, ransomware kits and child pornography can be found.
Safeguarding your business from the threats that lurk on the darknet, or worse, having your data trafficked there, requires cybersecurity awareness and preparedness. Here are proactive steps to consider:
• Educate and train employees to identify threats.
• Change passwords often and use two-factor authentication.
• Limit the retention of and access to sensitive data to what is minimum and necessary.
• Enforce cybersecurity policies, without exception.
• Perform simulated cyberattacks to uncover weaknesses in your cybersecurity plan.
It should be noted that not all activity that takes place on the darknet is illegal or shady. Sometimes, activists interested in exposing government corruption or secrets use the darknet to disseminate their information.
But individuals and organizations must be cautious and proactive in protecting their data from dangerous cybercriminals lurking on the darknet in search of their next attack. n
Brian J. Lamoureux is a partner at Pannone Lopes Devereaux & O’Gara LLC. Kevin Ricci is a director in cybersecurity at Citrin Cooperman.