<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Free Quickscan →
Cybersprint Digital Risk Protection Platform

The Cybersprint Platform

We’ve developed a unique Digital Risk Protection SaaS-platform that works 24/7 as an automated ethical hacker, continuously in search of online vulnerabilities. Read more

Cybersprint provides realtime insights

Make the world more cyber-secure

Cybersprint protects organisations by providing real-time insights into their online footprint. Read more

Deep, dark and scary: The value of monitoring the web you can’t see

by Cybersprint Blog Jul 18, 2019

Most people aren’t aware of the difference between the surface web, deep web and dark web. In fact, most people aren’t even aware that the dark web in particular even exists. And yet, it’s below the surface that many of the biggest threats to personal and organisational data originate. This is why having a corporate digital risk protection strategy in place that counters threats which aren’t visible on the surface is so important.

Deep web threats: Legitimate beginnings

The deep web consists of websites and information that are often legitimate, or at least start out that way. These resources could include corporate intranets, educational networks or any number of different membership sites that require a login or other form of authentication. Unfortunately, it’s all too easy for criminals and hackers with malicious intent to hijack users from within these sites and redirect them to, for example, phishing websites or online stores selling counterfeit goods that also reside in the deep web. In this scenario, users are more likely to be taken in by a scam, because their starting point was within what they assumed was a safe online environment.

Murkier still: Threats from the dark web

If you can’t identify a website’s IP address, or the addresses of the people that visit it, everyone involved becomes essentially anonymous. Welcome to the unlit recesses of the dark web, a place which although useful for those trying to understand criminal activity, is even more valuable for those perpetrating it. Accessing the dark web requires the use of a browser or web tool that enables anonymous web access and communication. Content that can typically found in the dark web includes:

  • Shops for counterfeit or stolen goods
  • Marketplaces for buying people’s personal information
  • Hacking tutorials
  • Hackers for hire
  • Chatrooms for networks of criminals planning a coordinated online or real-world attack.

 The value of deep and dark web visibility

According to a 2018 report from the Ponemon Institute1, the average cost of a data breach is $3.86 million, with the likelihood of another breach occurring within two years running at almost 28%. The most serious breaches have operational and reputational impacts that go far beyond that. For example, when Danish logistics company Maersk was breached by the Nonpetya ransomware attack in 2017, it was not able to use its IT systems for 10 days, and had to reinstall 4,000 servers, 45,000 PCs and 2,500 applications in that time. The total cost of the attack was estimated at $300 million. Of course, a successful attack on this scale would be more than sufficient to put smaller companies out of business for good. That’s why the ability to identify and block potential threats wherever they originate can literally be priceless.

Giving cybercriminals nowhere to hide

It’s not difficult to see how threats from the deep or dark web can cause major headaches for corporate IT teams. But even with knowledge about where deep and dark web threats might come from and how to look for them, identifying them manually is simply not practical or cost-effective. That’s why an increasing number of organisations are turning to automated digital risk protection solutions to help them deal with these hard to spot risks.

The centrepiece of such solutions is a monitoring and alert capability, based on the scraping and searching of online marketplaces and websites that can be used for anonymous posting, among other tactics. Examples of threats that can be identified in this way include open but anonymised postings of:

  • Bank account and credit card details for sale
  • Requests for attacks against a specific company or high-profile executive
  • Suspicious forum conversations
  • Database dumps

Ideally, the implementation of a digital risk protection solution should be supported by a structured education and awareness program for employees. This can help limit the likelihood of inadvertent actions that may help criminals carry out attacks. These actions can include the publishing of sensitive personal or business data on potentially vulnerable corporate intranet pages, for example.

Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online. If you’d like to see what we can do, the first step is a free Quickscan of your company’s digital footprint.

Get your free Quickscan

1 2018 Cost of a Data Breach Study, Ponemon Institute & IBM

 

Comparing Germany's Digital Risk to Western Europe's

Cybersprint is expanding their services in Germany. The development and awareness of cyber security in the German markets is interesting to see. This inspired us to make a comparative analysis of the cyber-resilience between German organisations and those in the rest of Western Europe. Does the German approach to regulatory control and cybersecurity result in a noticeable difference?

read more

How banks can avoid biting in a phisher's hook

How do you rob a bank in 2019? Forget balaclavas, safecrackers and getaway cars. All you need is a laptop, some software and a little imagination. The result? A phishing “business”, which fools online banking users into thinking they are logging into their account, when they are actually giving away their login details to cybercriminals. Bank customers have always been the easy target in this kind of scam. A report from Kaspersky Labs found that almost 50% of phishing campaigns used this method. But as banks have improved their fraud prevention measures to protect their customers, the focus of the phishers has broadened to include the banks themselves.

read more

Cyber-resilience for government: how safe are you and your citizens?

As more and more public services go online, citizens need to feel they can trust governments with their data – especially those reluctant to start using digital versions of familiar services such as passport renewal or residency registration. Moreover, sensitive government documents and sensitive communication channels between departments and politicians need to be kept secure, even as cyberthreats become increasingly sophisticated and effective. Digital Risk Protection (DRP) solutions are a key element of cyber-defence strategies for public sector organisations when it comes to keeping citizens, politicians and their data safe.

read more

Do you have a question?

Our experts have the answers

Contact us