By Cody Lents, Partner and Customer Steward at COVI, Inc.
Merriam-Webster defines the Dark Web as: “The set of web pages on the World Wide Web that cannot be indexed by search engines, are not viewable in a standard web browser, require specific means (i.e. specialized software or network configuration) to access, and use encryption to provide anonymity and privacy for users.”
The Dark Web provides people with a level of privacy and anonymity that the internet we’re all used to does not. That may sound appealing, however, there are risks associated with using the Dark Web and it can be a hazardous environment unless one is well prepared for the potential online dangers.
The Dark Web comes with advantages and disadvantages, but using the space is never recommended.
Only about 4% percent of information can be accessed using search engines available on the conventional internet, also referred to as the Surface Web (what we’re all used to using all day, every day). The rest, which is not searchable on Google or Bing, is called the Deep Web.
The Dark Web is part of the Deep Web. The Deep Web consists of pages that are not indexed and can be accessed directly, while the Dark Web consists of pages and files that have been intentionally hidden and require specific software and protocols, such as the Tor network or the Freenet peer-to-peer platform, to access.
Anonymity is the main reason why people use the Dark Web. When you use the Dark Web, your information is protected from surface web spies, allowing you to browse without the worry of being traced or censored by authorities. Additionally, content found on the Dark Web cannot be found on the Surface Web, opening up a whole new world of content consumption for users.
You’ll likely hear a lot about Dark Web Monitoring around the holidays and commerce events such as Prime Day, Black Friday, and Cyber Monday. These are services that survey your information on the Dark Web and alert you when it is found. While there is value in knowing what has been leaked to the cybercriminal playground, these alerts often offer few, if any, actionable tasks to help you protect yourself.
For example, “Dear Mr. Covi, we’ve found your social security number on the Dark Web at example.org. Your information may have been released without your knowledge and is likely the result of a company’s data being hacked or breached.” – There is no actionable next step for you.
When the service or company you use for Dark Web Monitoring adds recommendations to your alerts, their value increases.
For example, “Dear Mr. Covi, there was a breach at www.thenexthackedcompany.com and your email@example.com email address was stored for that site. The breach included email addresses, passwords, and usernames. We recommend that you change your password for this site immediately and, if you use this password for other sites, change them as well.” – There are actions to be taken, but will you know how to take them and ensure that all necessary ones have been taken?
When the service or company you use for Dark Web Monitoring utilizes a layered approach to protecting your credentials and personal identifying information (PII), the alerts carry a similar value in and of themselves, but the management of the alerts elevates that value to protect your organization and your people by maintaining your cybersecurity risk posture and allowing everyone to stay focused on daily tasks and the meaningful work that aligns with your company’s mission and vision.
For example, “Dear Mr. Covi, there was a breach at www.thenexthackedcompany.com and your firstname.lastname@example.org email address was stored on the site. The breach included email addresses, passwords, and usernames. Our security team has sent links and instructions to the affected user(s) to reset their password(s) and has reviewed other known accounts for any repeated use, so that those can be reset, too.”
A layered approach to Dark Web Monitoring could look like this:
- Credential Management
- Dark Web Monitoring
- Credit Monitoring
- Fraud Protection
- Complex Password Policy Management & Enforcement
- Multi-factor Authentication (MFA) Enforcement with Single Sign-on (SSO)