With cybercrime one of the biggest threats faced by businesses today, risk professionals may see accessing the darknet as ‘putting your head in the lion’s mouth’, but a new report from tech association ISACA says that’s exactly what legitimate businesses should consider doing as part of their cybersecurity measures.
The darknet is like an underbelly of the internet compared to the public-facing web, and is mostly accessed by people who use it anonymously. The activities that take place there can be surreptitious and illegal. For example, personally identifiable information, often gathered via data breaches, can be sold on the darknet, possibly multiple times.
The tech brief from ISACA– an independent, global association focusing on knowledge and practices related to information systems – gives the lowdown on how the darknet works, and explains how, with the right support and protection, it can be a great source of information.
Why would legitimate companies want to access the darknet?
There are a number of reasons for legitimate companies to venture onto the darknet, supported by their risk managers and IT professionals. Firstly, it can be a very useful place for companies to gather business intelligence, including information on competitors, employees and leaked confidential or proprietary corporate information.
Secondly, forewarned is forearmed. Finding out what information is out there about your own company before it hits the headlines can be invaluable. According to Tim Singletary, business area manager for cyber risk services, Peraton(quoted in the report), “Companies have to be consistent about monitoring the darknet for company information before they think they have been compromised. When a hacker breaks into a company, he will gather as much data as possible, sift through it, cherry-pick what he wants and make money off it for a while. Only after that will he post it, possibly weeks or months after the hack.”
By monitoring hackers’ activity and conversations, it’s also possible to learn the techniques that hackers use to compromise businesses and which assets need extra protection, enabling a more effective defence.
How can enterprises protect themselves?
Accessing the darknet is not without risk and ISACA advises that businesses hire information security specialists before they embark on such activity. To mitigate the risks and maximise the benefits, they also recommend that businesses never access the darknet through a computer connected to the company’s network or which is important to the business. It can too easily become infected with malware or allow unwanted traffic. Any connection must be made from a secure environment.
Companies should be proactive and consider investing in staff or a third party to monitor the darknet for any company-related content, data, references or mentions. It’s important to remember that information may not appear on the darknet for months after it is stolen and therefore monitoring the darknet should, by no means, be the only security activity the enterprise undertakes.
Looking at the wider risks of both accessing the darknet and falling victim to hackers, the advice includes using basic security tactics that will be familiar to most risk managers, like creating backups, which are especially helpful in responding to ransomware demands. Companies should also prepare a disaster recovery plan, educate their employees and anyone linked to them (such as suppliers) about cyber risks and responses, whitelist and/or blacklist selected websites for access, institute multi-factor authentication and require strong passwords for accessing IT systems. They should also consider buying insurance as a back-up to their security practices.
Companies addressing the darknet need to be realistic about what it will achieve, and the report’s authors say that, at best, enterprises can monitor the darknet and respond if their information is offered for sale.
A key part of a complete cybersecurity programme
ISACA’s technical brief includes information from data company DarkOwl, whose research shows that 100 per cent of Fortune 500 companies in the USA are exposed on the darknet. DarkOwl says that in an age where data loss is virtually inevitable, it is critical to look at the darknet as a key part of a complete cybersecurity programme, enabling organisations to swiftly detect security gaps and mitigate damage prior to the misuse of data.
DarkOwl has created an index comparing the exposure of each of the 500 companies, and found that the sectors which have invested heavily in cybersecurity have, in some cases, smaller darknet footprints. For example, financial firms performed better than expected and as the frequent targets of hackers, this probably reflects their significant investment in cybersecurity in recent years.
An evolving threat
According to ISACA, new darknets are already starting to appear, with the same focus on illegal activities throughout the new iterations. To meet the challenge, businesses, risk managers and IT professionals must be proactive, consider the darknet a key part of their cybersecurity programme and keep their fingers on the pulse.