We live in a world with more cybersecurity focus than ever before. With the shift to widespread work from home, the pandemic has put safety awareness first. This applies in our professional life to prevent company information from falling into the wrong hands, but it also has an impact on our private lives. As consumers began to spend more time online, businesses across all industries rushed to complement traditional sales methods and customer interactions with digital equivalents.
This forced pivot to focus on the digital has opened up countless new avenues for cybercriminals to attack. With news of data breaches and information for sale on the dark internet appearing everyday, consumers are desensitized to the risks posed by hackers ̵
At a time when much of the world is spending more time online and the risk of cyberthreats is higher than ever, it is important that consumers know what to expect. Our recent research found that 40% of people don’t know what the dark web is, let alone how their data could be compromised. What actually is the dark web and how do we make sure that we know if our information ends up there?
The unknown side of the internet
The dark web is made up of parts of the internet that cannot be accessed by search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being offered for sale, from passwords to bank account numbers to medical records. This is alarming when 80% of data breaches are due to weak passwords and we believe 92% of Britons admit password reuse despite being aware of the consequences.
Most people don’t really understand the true extent of the dark web. According to estimates, it ranges from 0.005% to 96% of the entire World Wide Web. However, a recent study by the University of Surrey found that nearly two-thirds (60%) of entries on the dark internet have the potential to harm businesses. While not all are being used for illegal purposes, the existence of such diverse networks of criminal activity means that consumers should protect their information with the caution it deserves.
Credit card numbers, counterfeit money, and stolen subscription credentials are among the items you can find on the internet. You can also find rental services, including Distributed Denial of Service (DDoS) attacks, phishing scams, and operational and financial data collection. It’s clear that a successful breach can have serious financial repercussions for businesses and consumers, not to mention the reputational damage it causes for all businesses involved.
Has your information been disclosed?
Our research from last year already showed that one in four would be willing to pay to remove their private information from the dark internet – and that number rises to 50% for those who have experienced a hack. While only 13% were able to confirm whether a company they’ve interacted with was involved in a breach, in reality it’s far more likely than you think – over 9.7 billion records have been lost or stolen since 2013, and this one Number only increases.
Most of us would have no way of knowing if our information is for sale online. However, there are now solutions that proactively search for email addresses, usernames, and other disclosed credentials for third-party databases, and notify users if any leaked information is found.
Password managers are increasingly closing in on this obscure web monitoring feature, displaying websites that have been breached and links that allow users to modify disclosed credentials. By keeping users informed when their digital identities are compromised, these tools help raise security awareness and highlight the risks of bad password practices.
It starts with awareness
While detection is an integral part of the puzzle, staying ahead of cybercriminals starts with awareness. The human element is often the weakest link in the security chain because people in their professional and personal lives cannot change the default security settings or use the same password on different platforms. Similarly, not all employers have made it a priority to foster a culture of safety awareness throughout their organization.
Security is more of an ever-changing process than a one-off project, and employees must work together to get their security practices in shape. Remote working is likely to remain the norm for a large segment of businesses as the world continues to open its doors. The associated security challenges don’t just go away, but are likely to increase as the online drive continues. With so many credentials exposed for sale on the dark internet, we would all do well to renew our focus on cybersecurity. Using unique, randomly generated passwords for different accounts and investing in solutions with built-in privacy features is a good place to start.
- Barry McMahon, Senior Manager Identity and Access Management LastPass from LogMeIn.