We’re living in a world with more focus on cybersecurity (opens in new tab) than ever before. With the shift to widespread working from home (opens in new tab), the pandemic has shone the spotlight on security awareness. This is true in our professional lives in order to prevent corporate information from falling into the wrong hands, but also impacts our personal lives. As consumers began to spend even more time online, businesses across every industry rushed to supplement traditional sales methods and customer interactions with digital equivalents.
This forced pivot to focus on digital has created countless new opportunities for cybercriminals to attack. With news of data breaches and information for sale on the dark web seeming like a daily occurrence, consumers have become desensitized to the risks posed by hackers – but this is largely due to a lack of awareness.
During a time where much of the world is spending more time online and the risk of cyberthreats is at an all-time high, it’s critical that consumers know what they’re up against. Our recent research has revealed that 40% of people don’t know what the dark web is, let alone how their data could be compromised. So what actually is the dark web and how do we make sure we know if our information ends up there?
The unknown side of the internet
The dark web consists of the parts of the internet which cannot be accessed through search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records (opens in new tab). This is alarming when 80% of data breaches are a result of weak passwords and we consider that 92% of Brits admit to password reuse despite being well aware of the consequences.
Most people don’t really understands the true extent of the dark web, with estimates that it ranges from 0.005% to 96% of the entire world wide web. That said, a recent study from the University of Surrey revealed that almost two-thirds (60%) of listings on the dark web had the potential to harm enterprises. While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves.
Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.
Has your information been exposed?
Our research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web – and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think – since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.
Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses (opens in new tab), usernames and other exposed credentials against third-party databases (opens in new tab), alerting users should any leaked information be found.
Password manager (opens in new tab)s are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.
It starts with awareness
While detection is a fundamental part of the puzzle, keeping ahead of cybercriminals starts with awareness. The human element is often the weakest link in the security chain, with people failing to change default security settings or using the same password across different platforms in their professional and personal lives. But equally, not all employers have made it a priority to drive a culture of security awareness throughout their organisation.
Security is an ever-changing process rather than a one-time project, and people must work together to get their security practices into shape. Remote work will likely remain the norm for a large proportion of businesses, even as the world continues to reopen its doors. The associated security challenges won’t simply disappear, but will likely rise as the drive online continues. With so many exposed credentials available for sale on the dark web, we’d all do well to renew our focus on cybersecurity. Using unique, randomly generated passwords across different accounts, and investing in solutions with built-in privacy features are a good place to start.
- Barry McMahon, Senior Manager of Identity and Access Management at LastPass (opens in new tab) by LogMeIn.
- We've featured the best password generators (opens in new tab).