According to research from Symantec, 43 percent of cyber attacks are aimed at small businesses. Many of these attacks begin with tools and techniques available on the Darknet and end with hacked data posted for sale on the Darknet. Let’s look at some ways to protect your small business from being a Darknet victim.
What is the Darknet?
The Darknet refers to networks that are not indexed by search engines such as Google and Bing and are accessible only by using specific software. Black markets thrive in the Darknet, and hackers gather there both to obtain ways to infiltrate businesses and to sell the data they steal in the Darknet marketplace.
However, it’s not just hackers that do business on the Darknet. Insiders have access to a wealth of corporate information, and they often turn to the Darknet to get paid for company and customer data.
Protecting Your Business from the Darknet
How can you keep your small business from becoming a target whose data ends up for sale on the Darknet? Follow these five tips to protect against hackers and insider threats.
Use DFA and strong passwords. Use dual-factor authentication (DFA), a two-step verification requiring an extra step for access. After a user types in his login ID and password, he’s prompted to enter a secret code. Hackers hate two-step verification because it prevents them from accessing some of the stolen email accounts they buy. When prompted for a secret code, a hacker has no way of knowing what it is. And the real user is notified of the fraudulent login attempt. In addition to DFA, mandate the use of strong passwords amongst your team members. This can be easily accomplished by using team or enterprise password manager solutions.
Create backups and have a recovery plan. Do-it-yourself ransomware kits are one item for sale on the Darknet. Ransomware attacks rely on encryption to enforce the payment of a ransom. In most cases, it’s impossible to crack the encryption. Instead, you must restore from a backup. Prepare for this possibility by performing regular backups to an offline destination. You should also periodically test your restore process to confirm it’s working before you need it.
Conduct periodic security awareness training. Train your employees on how to avoid email phishing and similar social engineering tactics. These scams can result in sensitive corporate data and customer data ending up for sale on the Darknet. Periodic phishing simulations are a good way to test your employees’ awareness and intervene to provide more coaching if necessary.
Keep software up to date. Ensure your business applications, operating system software, and antivirus software are up to date. Where possible, enforce the use of automatic update options within your software so employees can’t bypass the update process.
Consider cyber security insurance. Cyber attacks have a tremendous impact on small businesses: according to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked is $690,000. And the U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. In the event that attackers thwart your preparation and protection efforts, consider cyber security insurance to help you recover.