Education, monitoring and response tools, and training about the dark web are essential to protecting your small business from cybercriminals.
Being a small business used to be considered a digital bad-guy deterrent; unfortunately, that is no longer the case. Small-business owners, to their credit, are taking notice and enhancing the cybersecurity stances of their companies. That said, the dark web is not on the radar of many small businesses, and it should be.
What is the dark web?
The dark web is all about anonymity. "Much like the internet—or clearnet—that billions of people access every day from mobile and desktop devices, the dark web is a network of websites, forums, and communication tools like email," writes Dan Patterson in his TechRepublic article Dark Web: A cheat sheet for business professionals. "What differentiates the dark web from the clearnet is that users are required to run a suite of security tools that help anonymize web traffic."
And therein lies the rub: Cybercriminals, which are able to hide their identity and location while plying their trade, have made the dark web a hotbed of criminal activity. Figure A, provided by Brian Stack in his Experian post, gives you an idea of what's for sale on the dark web and for how much.
What's the problem?
Many small business owners have no idea the dark web exists. "A report by my company, Switchfast, (an IT-service organization that focuses on small businesses) found that 26 percent of small business employees don't even know what the dark web is, let alone the role it plays in exacerbating data breaches," writes Jim Anderson, CEO of Switchfast Technologies, in Entrepreneur. "Even worse, some small businesses might not even be aware they've been compromised until after their data has been bought and used by someone else."
There's more. "Even if small business employees know what the dark web is, accessing and navigating the internet's underbelly is no simple task," explains Anderson. "Once you've connected to it (dark web), you'll find that the dark web is messy and volatile, with websites constantly changing addresses to avoid becoming the victim of widespread malware."
How can small businesses protect themselves from the dark web?
The answer, according to Anderson, is to deploy dark-web monitoring and response tools. "By using these tools, companies can choose what identifiable information to monitor, and receive timely notifications when that data is discovered on marketplaces, bins and dump sites," adds Anderson. "This can help alert these businesses to breaches they may not even be aware of and shorten disaster recovery-response times to mitigate further damage."
What dark web monitoring entails
Javvad Malik, in his CSO online article Be afraid of the dark web - or learn to monitor it, offers insight into what dark-web monitoring involves. The first step is to gain access to a dark-web node, then acquire its data. "The method for doing so resembles traditional threat-intelligence gathering processes (as it combines both human elements and technology)," writes Malik. "Because most attacks against enterprises typically involve account or identity takeover, the most commonly sought after (and useful) forms of information are user credentials or personally-identifiable information."
With the data in hand, Malik advises the following steps:
Parse and normalize: The accumulated data needs to be parsed and normalized to allow sorting and direct queries. Malik also suggests, "This is a good time to deduplicate, and remove records that do not contain relevant data."
Validate: After data has been normalized and deduplicated, the data is validated to ensure it is accurate.
Refine and enrich: The data is ready to be used—many companies will opt for further refinement and enrichment to add contextual information that makes the data relevant to their organization and risk profile.
Monitoring the dark web is labor intensive, in particular for small organizations. To that point, Malik says, "It often makes sense to outsource the activity to a company that can monitor the dark web on your behalf, and provide alerts if any employee or customer data is being actively traded."
However, the work does not stop there. Malik suggests, in order to minimize any impact from an attack, companies need to have incident response and recovery procedures in place just in case an attack occurs and monitoring uncovers stolen data.
How can security training help?
Tech pundits advise that human error always plays a role in a successful cyberattack. The fact that more than a few small-business owners and their employees were unaware of the dark web becomes a good argument that additional training is needed. "Companies should implement regular training and security exercises," writes Switchfast's Anderson. "That way, they can reinforce security best practices among employees who might not even know how to approach or respond to a threat."