<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Free Quickscan →
Cybersprint Digital Risk Protection Platform

The Cybersprint Platform

We’ve developed a unique Digital Risk Protection SaaS-platform that works 24/7 as an automated ethical hacker, continuously in search of online vulnerabilities. Read more

Cybersprint provides realtime insights

Make the world more cyber-secure

Cybersprint protects organisations by providing real-time insights into their online footprint. Read more

Deep, dark and scary: The value of monitoring the web you can’t see

by Cybersprint Blog Jul 18, 2019

Most people aren’t aware of the difference between the surface web, deep web and dark web. In fact, most people aren’t even aware that the dark web in particular even exists. And yet, it’s below the surface that many of the biggest threats to personal and organisational data originate. This is why having a corporate digital risk protection strategy in place that counters threats which aren’t visible on the surface is so important.

Deep web threats: Legitimate beginnings

The deep web consists of websites and information that are often legitimate, or at least start out that way. These resources could include corporate intranets, educational networks or any number of different membership sites that require a login or other form of authentication. Unfortunately, it’s all too easy for criminals and hackers with malicious intent to hijack users from within these sites and redirect them to, for example, phishing websites or online stores selling counterfeit goods that also reside in the deep web. In this scenario, users are more likely to be taken in by a scam, because their starting point was within what they assumed was a safe online environment.

Murkier still: Threats from the dark web

If you can’t identify a website’s IP address, or the addresses of the people that visit it, everyone involved becomes essentially anonymous. Welcome to the unlit recesses of the dark web, a place which although useful for those trying to understand criminal activity, is even more valuable for those perpetrating it. Accessing the dark web requires the use of a browser or web tool that enables anonymous web access and communication. Content that can typically found in the dark web includes:

  • Shops for counterfeit or stolen goods
  • Marketplaces for buying people’s personal information
  • Hacking tutorials
  • Hackers for hire
  • Chatrooms for networks of criminals planning a coordinated online or real-world attack.

 The value of deep and dark web visibility

According to a 2018 report from the Ponemon Institute1, the average cost of a data breach is $3.86 million, with the likelihood of another breach occurring within two years running at almost 28%. The most serious breaches have operational and reputational impacts that go far beyond that. For example, when Danish logistics company Maersk was breached by the Nonpetya ransomware attack in 2017, it was not able to use its IT systems for 10 days, and had to reinstall 4,000 servers, 45,000 PCs and 2,500 applications in that time. The total cost of the attack was estimated at $300 million. Of course, a successful attack on this scale would be more than sufficient to put smaller companies out of business for good. That’s why the ability to identify and block potential threats wherever they originate can literally be priceless.

Giving cybercriminals nowhere to hide

It’s not difficult to see how threats from the deep or dark web can cause major headaches for corporate IT teams. But even with knowledge about where deep and dark web threats might come from and how to look for them, identifying them manually is simply not practical or cost-effective. That’s why an increasing number of organisations are turning to automated digital risk protection solutions to help them deal with these hard to spot risks.

The centrepiece of such solutions is a monitoring and alert capability, based on the scraping and searching of online marketplaces and websites that can be used for anonymous posting, among other tactics. Examples of threats that can be identified in this way include open but anonymised postings of:

  • Bank account and credit card details for sale
  • Requests for attacks against a specific company or high-profile executive
  • Suspicious forum conversations
  • Database dumps

Ideally, the implementation of a digital risk protection solution should be supported by a structured education and awareness program for employees. This can help limit the likelihood of inadvertent actions that may help criminals carry out attacks. These actions can include the publishing of sensitive personal or business data on potentially vulnerable corporate intranet pages, for example.

Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online. If you’d like to see what we can do, the first step is a free Quickscan of your company’s digital footprint.

Get your free Quickscan

1 2018 Cost of a Data Breach Study, Ponemon Institute & IBM

 

How to maximise productivity by minimising digital risk

Downtime, especially when it happens unexpectedly, is the enemy of productivity. Just ask Sony. When their online gaming platform was hacked in 2011, the service had to be taken offline for a month, resulting in unplanned costs of around $171 million, not including the reputational damage caused by 77 million user accounts being compromised. So, what can you do to prevent this kind of disaster?

read more

Help, where's my revenue?

It looks like your website. It feels like your website. It even works like your website. There’s just one problem: it’s not your website. It’s a fake, set up by cyber crooks to defraud your loyal customers by taking their money and delivering fake goods, or perhaps nothing at all. Not only does this kind of fakery have a damaging impact on your brand’s reputation, it also costs millions of dollars per year. And perhaps the most worrying thing of all is that setting up this kind of criminal enterprise is surprisingly easy to do. So what kind of solutions are there?

read more

Why Digital Risk Protection is an investment, not a cost

The days of IT being a sunk cost are over – at least they are for organisations that want to leverage the full power of digital transformation, while minimising the risks. This new reality applies to many of the ways in which technology supports the realisation of business goals – both offensively and defensively. And as business becomes increasingly digital, both assume ever greater importance.

read more

Do you have a question?

Our experts have the answers

Contact us