Cyber security is – or at least should be – at the very top of your concerns in the workplace, arguably even more so than its physical security. The technological landscape of the world is growing at a rate at which no one anticipated – data presents this well, ‘The total number of internet users around the world grew by 257 million in the past 12 months – more than 700,000 new users each day’. These numbers are truly astonishing, but there are negatives that come along with this kind of exponential growth – because the more web connected devices you have the more likely you are to be a victim of a potential business defining cyber attack. But we can’t blame the landscape for our vulnerability to attacks – the main reason for it is a severe lack in education on the potential threats that come from poor cyber security measures.
Cyber attacks often result in your sensitive data being distributed for free or, more commonly, sold on the Dark web. Undoubtedly you have heard of the Dark web as a dangerous place full of criminality, and you wouldn’t be wrong. Let’s explore it in more detail and explain the seriousness of your data ending up there.
The Dark web
The Dark web is used by criminals as a one stop shop for illicit activity, where they can buy, sell, and advertise illegal goods and services anonymously. Basically, it is a collection of small one-to-one networks that operate alongside the popular larger networks. The Dark web is no small venture by a couple of criminals though and is estimated to be roughly 5% of the size of the total internet, rapidly becoming a place for the criminal community to go about their business.
We’ve called it a ‘community’ but that doesn’t mean it is a nice place. It is a very dangerous – and most importantly – illegal place. If the worst was to happen and your data was to find its way on there, you are in for some serious and potentially business-defining problems.
So, let’s explore the ways your data could find its way to the Dark web.
Ransomware is software that is malicious in nature. It locks and encrypts your data. The cyber criminal responsible for the attack will then hold it to ransom, demanding money before giving you access back.
A Ransomware attack is particularly cruel. Your information remains on your computer, but it is encrypted and is completely out of your control. Cyber criminals are not stupid – they deliberately create a sense of urgency by giving you a time limit in which to pay the ransom, under the threat that they will delete all your data or – arguably worse – release your data onto the Dark web -some believe the threats and pay up promptly.
Why pay up? It is wishful thinking to believe that they are going to be true to their word – they are criminals after all! Often business owners are left out of pocket, without their data, and feeling rather silly. Or, in a slightly better outcome, you are granted access again – but, once having paid out, the cyber criminal now knows you are financially able and willing to pay so don’t be surprised if the process begins again.
A Phishing attack is when a cyber criminal uses fake/fraudulent emails to gain access to private information.
Emails are the choice of vehicle to allow them to carry out their attack by the use of malicious links. The cyber criminals use the email to manipulate the recipient into believing that the message is of high importance, and from a trusted source (the bank or a colleague, for example). The email is often based around a time sensitive subject to make the recipient act before thinking and click on – and open – the attachments or links, in the process inadvertently granting access to the cyber criminal.
Malware is designed with the intent of causing damage, destruction, and chaos or with the aim of stealing private data.
Malware is often designed and managed by a group of cyber criminals or hackers as opposed to a lone criminal. They are looking to make money from either selling the software over the dark web, or by spreading the malware content themselves. Whatever the method they choose to get the Malware onto your systems it will cause problems.
Malvertising is the process of injecting Malware into legitimate online advertising networks. It can also be the process of delivering Malware into visitors’ networks, allowing them to inadvertently capture the credentials.
Watering holes target a popular social media site or a corporate intranet and inject malicious software (Malware) into its code. This can also be done using the same method as Malvertising.
Web attacks scan the internet-facing assets in a company for any vulnerabilities – once having found them they are exploited to establish a foothold that gives them the ability to navigate the network freely until they find the company credentials.
Sometimes referred to as ‘man in the middle attacks’, hackers will intercept data that is being sent across an insecure network (public Wi-Fi, for example). Public Wi-Fi has very poor levels of security so be careful, because you are very vulnerable when using it. A relatively new method is the ‘rogue hotspot’, which involves the hacker setting up a public portal that imitates a nearby legitimate one – these hotpots can then be used to distribute Malware, direct users toward malicious sites, and listen in on web traffic, all without the user knowing they are on an illegitimate source.
Third-party tools can cause problems too. They are a common way for your credentials to find their way onto the Dark Web, often just because levels of security are simply not good enough.
Now we know some of the ways your credentials can find their way into the hands of cyber criminals and ultimately onto the Dark web, let’s take a look at the Dark web a little closer, why you should care if your credentials are exposed, and how to be best prepared in the eventuality of an attack that could lead to your data becoming exposed.
Your small business – secured
At Grapevine, our team of dedicated engineers can meet any technical challenge you may come across. We take our time in getting to know you, your business, employees, and your goals for the future so we can then find the best technological solution for you to guarantee constant security. Our years of experience leave us primed and ready with all the tools needed to ensure a top-quality service, now and into the future. Contact our team and let us start our journey together today.
Contact our team and let us start our journey together today.