Did you know that 60% of small-to-midsized businesses close their doors within six months of a cyber attack1? As IT experts, of course we have experience in disaster recovery, but what are the best ways to prevent it in the first place?
What is dark web monitoring?
Dark web monitoring services provide a proactive approach to data breaches. Instead of just waiting around for a cyber attack, dark web monitoring services scan the dark web for digital credentials like usernames and passwords. These credentials connect employees to critical business applications and online services. Criminals know this, and that’s why digital credentials are the most valuable assets found on the dark web.
What is the “dark web”?
The dark web is made up of digital communities that sit on top of the internet, and while there are legitimate purposes to the dark web, it is estimated that over 50% of all sites on the dark web are used for criminal activities, including the disclosure and sale of digital credentials1.
Far too often, companies that have had their credentials compromised and sold on the dark web don’t know it until they have been informed by law enforcement — but by then, it’s too late.
Once an attacker has your credentials, personal information, usernames, passwords, etc. they can:
- send spam from compromised email accounts
- deface web properties and host malicious content
- install malware on compromised systems
- compromise other accounts that use the same credentials
- exfiltrate sensitive data
- identity theft and credit card charges
Using our dark web monitoring scans, we have recently been seeing familiar names recurring in our breached domain reports. Do you have accounts with any of these?
Did you sign up for any accounts using your work email? The same work email you use to access business records? Payroll portals? Insurance accounts? Did you use the same password?
Eighty-one percent of hacking-related breaches leverage either stolen and/or weak passwords1. With your information, criminals can gain access to customer information, financials, payroll, social security numbers, etc. They can rack up astronomical charges to your credit card, they can send terrible emails on your behalf and they can publicly publish your information.
Fortunately, credit card companies have protective processes in place to forgive identity theft charges, and you can regain (often times buy back) access to company records (a costly and time-consuming process).
But, once a hacker has gained access to your account, they can impersonate you. They will message your contacts through email and social media and see who responds. It’s pretty easy to find out who your connections are once hackers have your information. They can review past conversations and see private information that is otherwise hidden through privacy settings. If they’re good, they can imitate your personality through the way they see you’ve communicated previously.
Perhaps they will interact with your coworkers, family or friends and ask them to send money. And, maybe they oblige. Now it’s not just you that is affected by your weak password because they scammed Grandma and Julie too. Now you’re all out of money, and need to clean up the mess.
Just because they gained access to your Facebook account, for example, doesn’t mean they won’t try that password in any other account you have. If you re-use a password, they will get into all accounts that use it. And what will they find?
Some hackers enjoy more than quick cash and will take it upon themselves to investigate your accounts and activity. They maintain a “Dexter mentality” and resolve to expose bad guys (well, what they define as bad guys). So, what will they find? Are you signed up with any disingenuous sites? Are you cheating on your spouse or regularly donating to a children’s hospital? If you’re cheating on your spouse, chances are they will feel compelled to share this information with interested parties and perhaps publicly.
And some hackers will simply manipulate your contacts to see what happens. Maybe they’ll get some money, maybe they’ll get some additional passwords and maybe they’ll spin a web of lies just for fun.
Attacks on networks may be inevitable, but proactive monitoring of stolen and compromised data allows you to respond to a threat immediately to prevent a major breach. In addition to maintaining strong passwords, we recommend dark web scanning for a proactive approach to cyber security.
If you’re interested in learning more about our dark web monitoring services, reach out to us at firstname.lastname@example.org or give us a call at 1.800.882.0253 and ask to talk to Stephen.
1 Dark Web ID