Everyone knows that the 90 percent of the iceberg below water, the part you can’t see, is the portion that can rip through the hull of a boat like damp paper. The dark web is the internet’s version of the submerged iceberg, and what happens there has the potential to sink companies that don’t take action to safeguard their systems and customers from this unseen threat.
Yet 85 percent of companies surveyed by the Ponemon Institute don’t subscribe to a dark web monitoring service, according to our 2016 Data Breach Preparedness Survey. By overlooking the threats that could emerge from the dark web, these companies are leaving themselves at risk of experiencing a data breach or other cyber incident.
Defining the dark web
The World Wide Web is a portion of the internet, and the web has three basic layers:
- The surface web is the portion easily seen, accessed and used by billions of people around the world every day.
- The deep web is not indexed, and so is inaccessible to those who search with traditional search engines. By some estimates, the deep web is 4,000-5,000 times larger than the surface web.
- The dark web is even harder to access, although new tools are making it easier. This is where people around the world can conduct illegal activities with little fear of detection.
Some parts of the dark web can only be accessed with special browsers and software, while other parts are easily accessible, without the need for specialized tools, if you know which words to search. While the dark web has long served as a marketplace for illicit goods and services such as drugs, guns and human trafficking, it is also a clearinghouse for stolen data. In fact, according to a report by McAfee, criminals can purchase data like email passwords or bank account user names for as little as $1, while high-quality credit card information costs only $30.
The hidden nature of the dark web is not a pass for companies to ignore the threats that can erupt from it. If a data breach or other cyber incident occurs, exposing your customers’ personal information, the fact that the incident originated from the dark web will not relieve your regulatory responsibility to protect and notify affected consumers.
It’s imperative that companies take steps to protect their systems and customers from threats originating in the dark web, including:
- Establish a strong cyber defense as a first line of protection. Create strong passwords, keep software and systems up-to-date, and train employees on cyberthreats.
- Enroll in business credit and dark web monitoring that can help mitigate the risks of a breach. Dark web monitoring services have the knowledge and wherewithal to track and detect threats emerging from the deepest parts of the internet.
- Be prepared to offer affected customers identity protection services when an incident occurs; 63 percent of consumers want identity theft protection following a data breach, according to the Aftermath of a Mega Data Breach report by Ponemon.
While many companies are doing a credible job of addressing cyberthreats they can see, it’s just as important to be prepared for the ones you can’t easily detect. Failing to take steps to protect your systems and customers from dark web threats is like sailing your boat too close to an iceberg because you forgot about the 90 percent of the iceberg you can’t see.