What is the darknet, and why should you care about it?

It’s a simple and frustrating fact: any company that stores data on a computer or uses online communication tools is at risk of cyber attack. We seem inundated with the ever-expanding news coverage on cybersecurity – the frequency of breaches and the costs of those breaches. What is a company to do?

Facing more sophisticated threats than ever before, information security policy has focused particularly on increasing the protection of the most sensitive types of data. Despite these best efforts to enhance defenses, however, the effectiveness of evolving threats has taught us that it is not a matter of whether a business will be breached, but when. As there is no all-encompassing security solution, businesses must look to a multi-faceted defense that includes not only tools, products and services to protect sensitive data, but also an understanding of the darknet.

Before we dive into what the darknet is and how it fits into a cyber security defense strategy, let’s quickly explore the parts of the internet with which we are more familiar. The websites we browse each day make up only a small percentage of the internet. These sites, collectively known as the “surface web”, are visible and accessible through common search engines such as Google and Yahoo. According to Michael K. Bergman, one of the foremost authorities on the darknet, the surface web makes up only about 0.03 percent of all content available on the internet.

Below the surface web is the “deep web”, which consists of content that cannot be found or directly accessed via conventional search engines. A common example of the deep web would be a website or database that requires credentials – registration and login – to access. Your paid subscription to an online news site, your protected access to your personal banking information or your home or work server are also examples of the deep web.  

Below the deep web is the “darknet”. The darknet is only accessible with special tools and is built  to purposefully hide the identities of users and guarantee anonymity. While there are valid, legal uses of the darknet (such as a journalist protecting herself and her source through encrypted communication, or political dissidents communicating with each other), anonymity naturally attracts illegal activity.

Accessing the darknet is challenging and risky, with obfuscated links, the easy ability to accidentally view illegal or illicit materials and transitory sites and content that come and go frequently – a precaution many illegal site owners take to avoid being caught.

Trade in illegal drugs and weapons, stolen credit cards, credentials, counterfeit documents and intellectual property are a few examples of what is typically found on the darknet. In addition, one can find chatter on planned attacks or breaches and the sharing of viruses, malware and vulnerabilities, as well as a host of other illicit topics.

When a business’s proprietary data is found on the darknet, it is time to act because that data has been compromised. If a business can shorten the timeframe to the detection of its sensitive data on the darknet, it can more quickly detect security gaps and mitigate damage prior to the misuse of that sensitive company data. The cost of mitigating a breach can therefore be lessened, and the potential for reputation damage or other losses can be minimized.

For example, when a financial institution uncovers a trove of stolen credit cards for sale on the darknet, it can notify customers by cancelling those cards and issuing new ones, working to stay ahead of a major security incident involving payment card industry protected data. The same is true when personally identifiable information is hacked — early awareness of this allows companies and organizations to mitigate potential damages before criminals can capitalize on the theft of the data.  When a breach hits the media, it is disastrous to a company, and according to IBM can cost upwards of $4 million per incident.

While there are no 100 percent guarantees in cybersecurity, it is important to use all of the tools available to help combat the potential of a cyber attack. Monitoring the darknet is an important, emerging approach which can supplement a multi-faceted information security defense strategy. Understanding the role that darknet monitoring plays in cyber security can help keep your business and their  data safe.

Mark Turnage is CEO of OWL Cybersecurity, based in Denver, which provides the world’s largest index of darknet content and the tools and services to efficiently find leaked or compromised data. For more information, please visit www.owlcyber.com.