Don’t get tangled in the dark Web
The dark Web is a hotbed of criminal activity. It is where sensitive business and personal information, credit card details, guns, illicit drugs and even people and body parts are sold. So it goes without saying that the average person does not want to be tangled up in the dark Web. Yet, personal information such as bank account details, credit card information, ID numbers, home addresses, e-mail addresses and other personal identifiable information is finding its way onto the dark Web.
“If your personal information is on the dark Web, it is because someone took it without your permission and put it there. Believe it or not, your information is valuable,” says Douw Gerber – Business Development Manager at leading South Africa-based managed IT security services company, Securicom.
He explains that the dark Web is an underground network of untraceable Web sites and online activities. To access these, specialised software and configurations are needed. This means that the dark Web is largely hidden from the average user. The illicit trade and activities that abound on the dark Web are reserved primarily for criminals who want to keep their work hidden.
Stolen personal and financial information is big business for cyber criminals. This information is used by criminals for fraud or, worse still, identity theft. For victims, the loss of sensitive or confidential information can lead to financial losses or identify theft. Companies can also lose money while suffering reputational damage as well as penalties should the breach of information be in violation of government or industry compliance regulations relating to the protection of personal and sensitive information.
A 2019 study, Into the Web of Profit, conducted by Dr Michael McGuires at the University of Surrey, shows the number of dark Web listings that could harm an enterprise has risen by 20% since 2016.
Data breaches of public Web sites are happening all the time. In the last few weeks, a major South African hospital group was the victim of a cyber attack, where it is alleged that personal identifiable information of customers may have been compromised.
“This doesn’t only happen to large enterprises that are in the news. It happens to small businesses and individuals too. Do you use Dropbox? Sixty-eight million Dropbox user accounts were compromised in 2016.
"Individuals and small businesses are the worst hit because they often don’t have sufficient IT security processes and procedures in place and they don’t have the skills to deal with the breach, so they end up losing valuable data or money,” says Gerber.
Cyber criminals have an array of ways of stealing information from people and companies. They hack into networks and accounts, they use spyware and other malware to capture passwords and user credentials, and they use phishing scams. Once they have got their hands on the information they want, they can use it for their own financial gain.
“Information is sold to the highest bidder or made freely available on the dark Web to be traded between bad actors. Any personal identifiable information that can be used to impersonate you or used against you in a cyber attack is valuable to them,” Gerber adds.
Poor network and endpoint security, and poor end-user security awareness contribute to the increasing number of data breaches and growing volume of stolen information being traded on the dark Web.
“A monitoring tool can help you keep track of your personal information. If your information lands up on the dark Web, there is not much you can do to get it off. However, knowing that it is there can better prepare you in the event of an attack. Obviously, changing passwords would be a step in the right direction,” recommends Gerber.
He stresses that everyone, from individuals and small businesses to large enterprises can benefit from effective cyber security awareness training.
“Get educated about cyber crime and understand the risks of engaging and transacting online. This will help to reduce your risk of becoming a target, and if you are targeted, you will be able to recognise that you are being attacked and take steps to stop it.”
uSecure – a new managed service offering from Securicom – is a user focused, cloud-based security awareness training platform to drive secure user behaviour to reduce risk. The uBreach functionality within the uSecure platform can quickly identify exposed employee e-mail accounts and identities that have been publicly disclosed online via third-party data breaches. Because uSecure is offered on a subscription basis for as low as R21 per user per month, it is affordable to companies of all shapes and sizes.
Securicom is offering a complimentary employee risk assessment (ERA) to companies to get them started. The ERA report identifies employees’ current risk level to internal and external threats through calculating reality-based metrics, including their current susceptibility to targeted phishing attacks as well as identifying data that is stolen or exposed on the dark Web.
Securicom provides best-in-industry, cloud-based Managed IT Security Services to address the increasing and ever evolving security threats that businesses face. Its partnerships with leading, global technology providers, combined with extensive experience in building and delivering locally hosted security services, ensure that its partners and customers can benefit from state of the art IT security, regardless of their size or number of users. Securicom’s solutions include email, endpoint and web protection, network security and cyber security monitoring. Securicom has offices in Johannesburg, Cape Town and Namibia; and has customers across the globe. For more information on Securicom, please visit www.securicom.co.za.