Are You On the Dark Web?

You may trust that because you personally aren’t accessing the dark web, you don’t have anything to worry about. You don’t need to access the dark web to show up there, however. Dark websites do a brisk trade in sensitive personal information like leaked login credentials, financial account information, and Social Security and drivers’ license numbers. In this modern world, everyone is a potential target of criminal activity on the dark web. 

How does personal information end up on the dark web? 

The most common way an individual’s credentials end up on the dark web is through a data breach. Often, the targets of these attacks are companies that hold consumer data. Prominent recent examples include  

  • The AirAsia breach, which placed the names, birthdates, countries of origin, locations, and “secret question” answers of 5 million passengers and all the company’s employees in the hands of cybercriminals 
  • The Twitter breach, which resulted in approximately 200 million email addresses up for sale on the dark web 
  • The Norton LifeLock breach, the result of a suspected credential stuffing attack that compromised the password managers of thousands of customers 

These are just a few among many recent examples. With so many ways for criminals to gain access to your sensitive information, you might wonder how worried you should be. 

 I’m monitoring my company’s systems and training my employees about cybersecurity best practices. Is that enough? 

Most often, credentials are stolen via a breach of another business. When this happens, they’re often sold very cheaply on the dark web. These attacks are very prevalent, and it takes businesses an average of more than nine months to discover and contain a breach. This makes it likely that your information will be out there and sold off before you’re even aware of the compromise. As a result, it’s important to regularly change your passwords, especially those used to access internal company systems, to limit the damage that such a leak can cause.  

My business is so small, do I really need to be concerned about a breach? 

Unfortunately, small businesses are not immune to cyberattacks. In fact, Forbes reported that a 2021 study of millions of email addresses found that businesses with fewer than 100 employees experienced 350% more social engineering attacks than larger businesses. This includes practices like spear phishing and BEC attacks, which seek to manipulate employees into giving out sensitive information. Small businesses make attractive targets because they don’t have the resources to devote to cybersecurity that large organizations do. 

What can I do to protect my business? 

The reality is that your data is most likely already on the dark web. While you can’t entirely escape this danger, you can minimize risks to your company’s data and put a response plan in place for when attacks occur.  Additionally, utilizing a layered security strategy is important to minimize risk.  See our blog for more information about how to keep your credentials and data as safe as possible. The security experts at Pendello can help you understand your risks and vulnerabilities as well as best practices to keep your information safe.