The Dark Web is a very real concern for today’s businesses. In recent years, it has redefined the art of hacking and, in the process, dramatically expanded the threat landscape that organisations now face. So, how do we begin to tackle the threats posed by the dark web? SC Media UK editor-in-chief Tony Morbin asked this question and more of a panel of security experts during a lively panel discussion.
The panel divulged some of the key threats that they had experienced over the past year. Lorraine Dryland, CISO, First State Investments, said: "One of the threats that has seen a resurgence is business email compromise. We’ve seen a return to more simplistic, less sophisticated attacks – spoofing emails and tricking people into divulging information."
"Yes, even SMEs are getting a lot of business email compromises – and a lot of that is coming from credentials floating around on the dark web. There are literally billions of usernames and password combinations available for sale," warned Jeremy Hendy, CEO at Skurio.
There has also been a rise in high-level impersonation, with Megan Carmichael, Third Line Engineer, Gratte Brothers Group, admitting "we’ve had people pretending to be CEOs emailing asking for financial favours and the like. It seems that the criminals are seeing all these barriers in place and have decided it is the human factor that is the weakest point".
Anthony Hess, senior director, Kivu Consulting, believes the dark web is an ideal breeding ground for ransomware attacks. "What we’ve noticed is a rise in ransomware and the massive costs that are associated with that. There are two things that have supported this rise. Firstly, it’s cryptocurrency and the ability it provides to anonymously transfer funds. And, secondly the tools and capabilities available on the dark web – and the communication and collaboration that that environment creates for cybercriminals."
The panel also discussed and debated other key concerns, including the different levels of criminals operating on the dark web, from sophisticated criminal gangs to entry-level criminals buying compromised passwords; the variety of tools available to protect your organisation, whether you keep your cyber-security in-house or outsource to an external provider; risk control processes; the dangers posed to staff using the dark web and the pros and cons of the anonymity it provides and more.