Are Your Credentials for Sale on the Dark Web?
It may not surprise you that there are over 6 billion web pages indexed and searchable on the internet. But what you may not know is that search engines like Google, BING and Yahoo only “see” .04% of the Internet. The other 99.96% of the Web is known as the “Deep Web” – consisting of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because users can operate anonymously in the Dark Web, it has become a hotbed of illegal activity and is a repository for stolen data.
Most people don’t worry much about the Dark Web and are unaware of the risks it holds. The Dark Web has become a marketplace for buying and selling personal information, social security numbers, or medical histories.
Understanding the Risks
Since employees often use the same or variations of passwords for both business and personal websites, the risks to your business are real. The breaches that we read about every day on major sites like LinkedIn, Equifax, eBay, Anthem, Yahoo, Target, JP Morgan Chase, Home Depot and more become available on the dark web and can put your business at risk. Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been informed by law enforcement — but by then, it’s too late. According to a recent study:
81% of hacking-related breaches leveraged either stolen or weak passwords.
62% of SMBs don’t have an up-to-date or active cybersecurity strategy in place.
60% of SMBs will go out of business within 6 months of a cyber incident.
Some of the data commonly stolen from breaches includes passwords, personal health information (PHI), social security numbers (SSN), and internal company data. The average cost of a data breach for an SMB is $120K. The amount spent on recovery varies for each business, but the end result is the same: recovery costs more than prevention.
What You Can Do to Protect Your Data
While the threat of a cyber security attack can be daunting, there are plenty of ways for your organization to prevent or mitigate threats from the Dark Web. Make sure you educate employees on how to spot potential risks with monitored phishing campaigns and training. Consider outsourcing your IT or augmenting your existing IT team with an ally to help prevent security issues. Installing anti-malware software and endpoint protection will help prevent attacks. Finally, stay away from the dark web. Work with a partner that can use simple credentials like email and domain name to see if they can find any of your company’s password or sensitive information on the dark web.
Attacks may be inevitable, but proactive monitoring of stolen and compromised data allows you to respond to a threat immediately to prevent a major breach. If you are like most small and midsize organizations and feel you are not where you need to be from a security standpoint, Logically is here to help. Start with a free dark web scan and find out if your company’s passwords are for sale on the dark web.