The pandemic has ushered in irreversible changes to our lifestyles – the way we shop, travel and work is considerably different to how things were at the beginning of the year. Part of this change has seen us spend more time online, and this has unfortunately made us all more susceptible to cybercriminals. The move to widespread home working blurred the lines between our personal and professional lives, meaning security has become intrinsic to our daily lives.
To make things more complex, the methods used by hackers are always becoming more sophisticated. Businesses in every industry must therefore act to keep corporate data from falling into the wrong hands or they’ll soon suffer the consequences. Despite this, consumers are failing to bring their security habits up to scratch even amid rising numbers of data breaches and personal information for sale on the dark web.
Our research suggests that this indifference towards security may well be down to a lack of awareness – 40% of people don’t even know what we mean by dark web, let alone how their personal data could be compromised. It’s time we finally put a stop to this, so what is the dark web and how can we keep our information away from prying eyes?
An unknown side to the web
The dark web consists of the parts of the internet which cannot be accessed through search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records. This is alarming when 80% of data breaches are a result of weak passwords and we consider that 92% of Brits admit to password reuse despite being well aware of the consequences.
Most people don’t really understands the true extent of the dark web, with estimates that it ranges from 0.005% to 96% of the entire world wide web. That said, a recent study from the University of Surrey revealed that almost two-thirds (60%) of listings on the dark web had the potential to harm enterprises. While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves.
Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.
Could your information be at risk?
Our research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web – and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think – since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.
Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.
Driving cyber-secure practices
While detection has a fundamental role to play in the fight again cybercriminals, prevention ultimately has a longer-term impact. Technological solutions are pivotal to this end, but the key to prevention is security awareness; for example, password reuse across multiple platforms at home and in the office simply won’t suffice. That said, employers have an equal part to play and a responsibility to drive cyber-secure practices across the organisation.
As the economy reopens, more and more people have begun returning to work. But the reality is many of us will continue working remotely even as we enter the new year. Security awareness must therefore become a priority to help put a stop to the heightened risk of data breaches. This requires a joint effort on behalf of every employee in every department – security risks are constantly evolving and businesses must be vigilant if they are to overcome the challenge. Employing basic password practices is a good first step and goes a long way in the quest to improve security hygiene. Technological solutions with integrated privacy features can then support and help to keep our personal information secure.
Contributed by Barry McMahon, senior manager of identity and access management at LastPass by LogMeIn