If you read cybersecurity articles in trade publications, you will see mixed messaging around the value of dark web monitoring. Obviously, many vendors and thought leaders enthusiastically push the idea of dark web monitoring—especially if they sell products related to it. But the objections some in a few flavors that need addressing:
- “By the time you notice the information on the dark web, it’s too late.”
- “Only specific industries (such as financial services or healthcare) find value in dark web monitoring.”
- “Much of the information on the dark web is hidden from dark web scans.”
- “There is no way to take legal action if your information is found, so what’s the point?”
- “Assume your information is already on the dark web.”
- “The chance of finding any useful information is small.”
In other words, many excuses exist to downplay the importance of dark web monitoring, but these excuses both overestimate and underestimate its power.
First, let’s start with a definition of dark web monitoring and describe what it does—and doesn’t do.
Definition of Dark Web Monitoring
The dark web is a hidden part of the internet, usually accessed through a special browser (such as the Tor browser), mostly populated with illicit and illegal websites. People browse the dark web anonymously. While some people use the dark web legitimately (such as political dissidents in oppressive countries), many use the dark web for nefarious activity.
When companies monitor the dark web, they are not infiltrating groups of criminals and turning them into law enforcement. Instead, they are scanning the dark web for specific data such as:
- Stolen data records
- Stolen user credentials
- Breached customer data
- Possible insider threats
- Chatter about your specific organization
- Chatter about threats related to your industry
- Overall trends that may impact your organization (such as new kinds of malware)
Hackers find stolen credentials on the dark web and use those credentials to break into your systems. In many cases, other hackers have already done the hard work of stealing credentials and they look to turn a profit by selling them. Amateur hackers who want to avoid the hard work of stealing credentials just pay for them, multiplying the chances that someone will attempt to use them in a cyberattack.
When compromised information is found on the dark web, you can receive alerts and information that can help you take action such as:
- Changing compromised passwords
- Notifying employees about compromised information
- Notifying customers about a data breach that affects their information
- Enhancing your cybersecurity policies, training, and best practices
Countering Objections to Dark Web Monitoring
At this point, it’s useful to go back to the objections raised at the beginning of this article and address them one by one.
Objection: By the time you notice the information on the dark web, it’s too late.
Most organizations are not even aware that a dark web exists or that stolen user credentials are sold on the black market. For smaller organizations, this simple awareness is a big step toward understanding the nature of cyber threats in today’s landscape. It’s never too late to let an organization know that information important to their business is available to hackers—often at a low cost. And don’t assume that once credentials are compromised that threat actors have gained access to your environment.
The bigger problem is when your employees recycle credentials (using the same username and password for multiple services). This leaves uncompromised organizations susceptible to credential stuffing and credential spraying attacks (where hackers use automated tools for login attempts). Monitoring accounts on the dark web is the only way to detect credential recycling. Without this service, your organization is susceptible to these types of attacks.
The awareness of these threats often leads to organizations understanding more seriously why they need to implement cybersecurity best practices such as stronger password policies or multi-factor authentication.
Objection: Only specific industries (such as financial services or healthcare) find value in dark web monitoring.
While financial services or healthcare organizations may need to more aggressively monitor the dark web, all industries benefit from dark web monitoring. It’s not a high cost, and the scans keep you aware of threats and intelligence that may impact your organization—as cyber threats impact all organizations.
Objection: Much of the information on the dark web is hidden from dark web scans.
This is correct. Much of the information on the dark web is still hidden from the “good” monitors and scanners. However, this does not devalue the need to know about information that has been found. Letting an employee know about a password that has been used frequently may help them prevent a breach of your systems. It’s also a great way to help employees understand the need to use unique passwords.
Objection: There is no way to take legal action if your information is found, so what’s the point?
Yes, you cannot take a cybercrime ring down like the FBI. But you can notice that breached information is on the dark web and take action by:
- Changing breached passwords immediately.
- Implementing a stronger password policy.
- Confirming the theft of customer data.
- Understanding how cyberattackers are plotting to attack organizations in your industry.
Objective: Assume your information is already on the dark web.
This is a glib objection, a throwing of hands into the air. Don’t assume it. Confirm it. Your reaction will be quite different if you know for sure that stolen information is on the dark web versus assuming it. And while most of us do have information on the dark web, don’t you want to know for sure what information is out there?
Objective: The chance of finding any useful information is small.
This is like saying you’re disappointed in network scanning or antimalware tools because the chance of catching a cyberattacker in the middle of an attack is very small. Such dramatic moments happen often in movies but not real life.
The primary point of dark web monitoring is proactive and preventative. When combined with other tools, dark web monitoring makes sure you leave no cybersecurity stone unturned. If you find suspected credentials on the dark web, or even if you find nothing at all, it’s good to know.
---
Dark web monitoring is an essential part of an overall cybersecurity strategy—complementing other efforts by giving you information about breached credentials, threats, and cybercrime trends that may impact your organization. Benefits include:
- Reducing your risk of corporate identity theft
- Protecting yourself against targeted cyberattacks
- Protecting your organization against blackmail
- Educating employees about the nature of the dark web, stolen information, and credentials.
If you have questions about dark web monitoring and want to talk further, fill out the form below.