Facing more sophisticated threats than ever before, information security policies have been increasingly focused on protecting sensitive data. However, despite best efforts to enhance such defenses, the effectiveness of evolving threats has taught us that it is not a matter of if business will be breached, but rather a matter of when they will be breached.
As there is no all-encompassing security solution, businesses must look to a multi-faceted defense that includes not only tools, products and services to protect sensitive data, but also an understanding of the darknet, where the vast majority of their compromised data will likely be found.
So, what is the darknet, and how does DARKINT fit into your cybersecurity defense strategy? Let’s quickly explore the parts of the internet with which we are more familiar for better reference.
The websites we browse each day make up only a small percentage of the internet. These sites, collectively known as the “surface web”, are visible and accessible through common search engines such as Google and Yahoo. According to estimates, the surface web makes up only about 0.03 percent of all content available on the internet, equal to roughly 19 terabytes of data.
Beneath the surface web, one will find the “deep web,” which is commonly mistaken for the darknet, but is actually a different entity entirely (which we’ll get to in a minute). The deep web is typically defined as internet content that cannot be found or directly accessed via conventional search engines.
A common example of the deep web would be a website or database that requires credentials – registration and login – to access. Your paid subscription to an online news site, your protected access to your personal banking information or your home or work server are also examples of the deep web. The deep web comprises a large percentage of all content found on the internet, equaling roughly 7,500 terabytes of data.
Below the deep web is the “darknet.” To access the darknet, one must obtain special tools that a regular internet user wouldn’t normally encounter. This includes a specific browser, network, and skill-set that only the technologically advanced or (rather determined) darknet seeker will be able to ascertain.
The darknet is was originally built by the U.S. military to (purposefully) hide the identities of users and thus provide an unprecedented platform focused on prioritizing anonymity for its users. Because of the way the darknet is built, estimating its size is very difficult. Thus, the percentage of the overall internet the darknet comprises as a whole is currently unknown.
While there are valid, legal uses of the darknet (such as a journalist protecting herself and her source through encrypted communication, or political dissidents communicating with each other), anonymity naturally attracts illegal activity. Accessing the darknet is challenging and risky, with obfuscated links, the easy ability to accidentally view illegal or illicit materials and transitory sites and content that come and go frequently – a precaution many illegal site owners take to avoid being caught.
Trade in illegal drugs and weapons, stolen credit cards, credentials, counterfeit documents and intellectual property are a few examples of what is typically found on the darknet. In addition, one can find chatter on planned attacks or breaches and the sharing of viruses, malware and vulnerabilities, as well as a host of other illicit topics.
WHY SHOULD BUSINESSES CARE?
When a business’s proprietary data is found on the darknet, it is time to act. If a business can shorten the timeframe to the detection of its sensitive data on the darknet, it can more quickly detect security gaps and mitigate damage prior to the misuse of that sensitive company data. The cost of mitigating a breach can therefore be lessened, and the potential for reputation damage or other losses can be minimized.
For example, when a financial institution uncovers a trove of stolen credit cards for sale on the darknet, it can notify customers by cancelling those cards and issuing new ones, working to stay ahead of a security incident involving payment card industry (PCI) protected data. The same is true when personally identifiable information (PII) is hacked — early awareness of this allows companies and organizations to mitigate potential damages before criminals can capitalize on the theft of the data. When a breach hits the media, it is disastrous to a company, and according to IBM, breaches like these can cost upwards of $4 million per incident.
While there are no guarantees in cybersecurity, it is important that organizations use all of the tools available to combat potential cyberattacks. Monitoring DARKINT is an important, emerging approach that should supplement your multi-faceted information security defense strategy. Understanding the role that the darknet plays in cybersecurity can help to keep you, your business and your data, safe.