Why Businesses Should Care About Dark Web Monitoring
- Businesses tend to ignore the role of dark web forums in facilitating data breaches
- Dark web monitoring solutions alert companies if their private and confidential data is found online
- If notified on time, companies can respond to phishing, business email compromise and IP infringement
June 25, 2021 | Market Intelligence
The risk of identity thefts and account takeovers using confidential data picked up from the dark web has increased due to the explosion in online activity and rapid shift to cloud infrastructure.
To detect such data breaches early and protect intellectual property and brand reputation, companies are increasingly using dark web monitoring tools.
‘Dark web’ vs. ‘deep web’
Often, the terms “dark web” and “deep web” are used interchangeably, but there are differences. Understanding these differences provides businesses with better context to build reactive and proactive cybersecurity programs.
The deep web is the part of the internet that is publicly accessible but not indexed or searchable without a specific IP address, log-in credentials or URL. It typically requires some form of authentication, such as a password-encrypted browser. This is the part of the internet that holds secure and confidential information, such as our financial and medical records.
The dark web is a part of the deep web that can only be accessed with special software or browsers such as Tor. Although the dark web is often associated with illegal activities — such as the sale of contraband, misappropriated or stolen data, and even COVID-19 vaccines — it also supports legitimate activities. For example, journalists sometimes use the dark web to communicate with their sources and protect their identities.
What is dark web monitoring?
Cybercriminals often sell personally identifiable information, such as names, social security numbers, addresses, emails and passwords, on the dark web.
In the last few years, many businesses have fallen prey to identity theft and cybersecurity attacks ranging from account takeovers and third-party breaches to business email compromise. For example, in 2019, more than 21 million corporate logins of Fortune 500 companies were stolen and put up for sale on the dark web.
And with remote workforces largely operating from unsecured home networks amid COVID-19, corporate security teams are struggling to regulate and control the growing number of attack surfaces — the vulnerable entry points in an organization’s system.
Dark web monitoring solutions provide identity theft protection to companies and alert them if their private and confidential data is found online. They help companies respond to phishing, fraud, business email compromise and intellectual property infringements by constantly crawling the surface web (the main part of the web that most of the public uses with a conventional browser such as Google, Mozilla or Yahoo), the deep web, and the dark web to identify and detect forums and marketplaces for mentions of a company’s name, employee or customer data, and other select keywords. The solutions issue real-time alerts when such information is detected and help analyze the threat.
Dark web attacks are often indirect, so most organizations tend to exclude dark web monitoring from their cybersecurity strategies. But cybercriminals often rely on compromised credentials taken from the dark web. Often, if a company’s data has been breached, it is highly likely that the stolen information will appear on the dark web before the company has even detected the attack.
Since dark web monitoring tools may not be able to scan the entire dark web, they are not foolproof solutions. As a result, businesses should focus on procuring tools or solutions that allow them to continuously monitor their data more deeply, discover exposures early and prevent account takeovers.
Sources and references:
- https://www.digitalshadows.com/blog-and-research/security-threat-intel-products-and-services-mapping-searchlight/
- https://expertinsights.com/services/dark-web-monitoring/reviews
- https://searchsecurity.techtarget.com/feature/The-dark-web-in-2021-Should-enterprises-be-worried
- https://www.verizon.com/business/products/security/cyber-risk-management/threat-intelligence-service/dark-web-hunting/
- https://www.cisecurity.org/spotlight/cybersecurity-spotlight-the-surface-web-dark-web-and-deep-web/
- https://www.cisecurity.org/spotlight/cybersecurity-spotlight-the-surface-web-dark-web-and-deep-web/
Turn ideas into action. Talk to GEP.
GEP helps enterprise procurement and supply chain teams at hundreds of Fortune 500 and Global 2000 companies rapidly achieve more efficient, more effective operations, with greater reach, improved performance, and increased impact. To learn more about how we can help you, contact us today.
David Doran
Vice President, Consulting
David has over 20 years of experience in leading several large-scale consulting and sourcing engagements for transport and logistics at Fortune 500 companies.
A recognized leader in supply chain management and logistics, David plays a critical role in the design, sourcing and implementation of supply chain improvements to GEP’s global clients.
