For the uninitiated, it’s terrifying to learn that the majority of the internet ordinary people use every day makes up only a minuscule percentage of the overall internet.
Websites you see and use contain only 0.3% of the information stored on the internet. The number of existing sites makes it hard to imagine that there can be more out there, but most people never see lower than the tip of the iceberg.
Internet developers refer to the rest of the internet as the “deep web.” Thanks to media confusion of multiple terms, “deep web” conjures up images of terrifying marketplaces of illicit goods, amoral services, and criminal buyers and sellers.
Those people do exist and represent a significant criminal threat. However, the truth of the deep web and the dark web has more nuance and technical detail than that.
Websites and pages that search engines can’t access make up the overwhelming majority of deep web content. By strict definition, most uses of the deep web involve legitimate, private information used only by those with permission to access it.
The owners of sites and pages hosted on the deep web keep the pages private and accessible only to a small number of authorized individuals. These users either know how to access these pages through direct links on private servers or have them provided by the site owners.
The deep web makes up an enormous percentage of back-end internet use, so business and personal users alike have plenty of reasons to access it every day. Modern eCommerce, communications, and entertainment cannot function without the deep web.
If you checked your email this morning, you accessed the deep web, and so did everyone else who accessed their inbox or logged into a company server.
Checking your email inbox isn’t the first use of the deep web that most people think about. But public search engines don’t index your inbox, and public users can’t find your account if they look up your name on Google.
Emails are just one small part of the deep web. The media subscription services that provide on-demand entertainment also store their content on the deep web. If web goers could find the link to a movie with a google search, they’d have no reason to pay Netflix, Hulu, or Disney+ for their content.
Users can’t access their shows through a public search. They need to sign into their accounts with a private username and password. Once the surface website confirms their identity, it routes the user through the streaming service’s section of the deep web to get them the content they need.
Deep Web vs. Dark Web
The dark web is everything most people think of when they hear either “deep web” or “dark web.” It’s a strange combination of the two and a place very few people ever see.
Users behave much like they do on the surface web. They access websites to shop, chat, learn information, and so on. However, they can’t google the sites they want to visit. Trying to access the dark web risks never finding anything at all.
Instead, they need insider information to find the sites they want and access them directly. They take advantage of powerful encryption tools while they do to hide their identities. The people who made many of these tools, like tor and bitcoin, had lofty and noble goals for privacy. Unfortunately, many people misuse these tools.
These tools, and the dark web as a whole, have some legitimate uses. It hosts journalists in countries that limit freedom of the press and government whistleblowers unable to share their information through more public channels out of fear of persecution.
Unfortunately, the overwhelming majority of the dark web’s activity (which, again, is only a small portion of the overall deep web) revolves around the criminal marketplace. The dark web risks far outweigh the benefits for law-abiding citizens.
Organizations and people use the dark web to buy and sell:
- Illicit drugs
- Illegal pornography
- Criminal services like assassinations
Of greater interest to our enterprise clients, they also buy and sell stolen private customer information and trade secrets, along with the tools and tactics they used to obtain them.
Since large companies gather an equally large amount of big data to run a modern business built on informed decisions, they paint a target on their backs.
Cybercriminals know to target enterprises to steal personal information since these enterprises store the most data and have more employees. More people means more opportunities to find a weak link in the human firewall.
When cybercriminals succeed in a hacking or phishing attempt, the information they steal gives them a lucrative way to perform all kinds of financial and identity-based crimes.
Abuse of Personal Data
If hackers breach a database and spread the stolen information around the dark web, they expose the violated company to liability from thousands of customers.
The most serious data breaches involve stolen credit card and bank account numbers. If breaches are not caught and corrected fast, cybercriminals can run up thousands of dollars in fraudulent charges before customers notice and manage to freeze their accounts.
This recovery process involves minimal disruption thanks to the efficient indemnity procedures of most modern lending institutions. But serious breaches can lock up funds for weeks on end.
When that happens, customers blame the inconvenience on the breached enterprise for its negligent security and vulnerability rather than on the criminals themselves (who are difficult to catch at best).
This blame, whether your enterprise deserves it or not, exposes your company to a very serious risk of:
- Regulatory penalties
- Revenue loss from lost business
- Long-term loss of reputation
Your company might face even more serious risks depending on the kinds of information you store. Social Security Number theft opens the door for criminals to inflict far more severe identity theft on their victims.
Alternatively, if you record protected health information (PHI) as regulated by HIPAA, fines and audits for compliance failure follow in the wake of a data breach and add additional costs.
Even login credentials and email accounts, which seem easy enough to change, have severe consequences if stolen.
Since so many people use the same passwords and usernames for all of their accounts, a breach in a fairly mundane service can expose their social media, banking information, or investments. For this reason, hackers place a much higher value on Gmail accounts over other forms of personal information.
Because all kinds of personal data theft lead to very real consequences for the customer, you must watch for breaches with care and scour the dark web for any information that might have come from your servers.
Dark Web Monitoring
Dark web monitoring solutions don’t force real humans to dive into the unsavory and horrific parts of human communication. Instead, monitoring services automatically scan the premier dark web markets, chat rooms, forums, and servers to find stolen information.
Locating stolen information means the breach victims can:
- Assist law enforcement in tracking cybercriminals
- Find stolen customer and employee credentials to warn the affected parties
The latter is especially important since criminals can use employee credentials to access the deep web sections of your company’s networks, gaining access to:
- Larger sums of money
- Proprietary software
- Vast databases of customer information
- Trade secrets
Regular scans and the ability to catch breaches just after they happen also help enterprises take action for the people personally affected. Rather than victims finding out for themselves, a notification as a result of a scan means enterprises can:
- Learn what was stolen
- Learn when it was taken
- Take the next steps right away
Monitoring doesn’t just provide early detection. Sometimes it provides the only detection. The best cyber criminals don’t leave a trace of their presence on the servers they attack. Their victims learn about the breach only when notified by authorities — or worse, angry customers.
By finding stolen data right away, corporate breach victims can ensure every affected customer and employee receives notice to update their credentials, contact their card issuers, or work with the authorities to freeze their finances and SSNs.
Taking action fast and staying on top of breaches saves thousands of dollars. But what’s the best way to take action if you don’t know there’s a problem?
Touchstone Security Monitors Dark Web Risks So You Don’t Have to
Touchstone Security offers an effective, efficient security service portfolio, including a dark web scanning service. We locate information posted about your company throughout the dark web, tracking your business name and information posted about it to find what was leaked, who leaked it, and any other information.
By trawling through the dark side of the internet on your behalf, we shield your employees from having to investigate the worst of the worst and leverage our expertise to search through the most information in the shortest amount of time.
We notify you right away if we detect your company’s information so you can plug leaks and take action, helping you keep the information you store safe from future dark web risks and malicious actors.
Contact Touchstone Security today for a free trial.