By Understanding the Dark Web, You Can Take a Proactive Approach that Helps Reduce Uncertainty and Improves Overall Cyber Resiliency
The anonymity offered by the Dark Web, accessed through Tor, creates a safe haven for malicious actors and criminals. These are the same bad guys that have launched, or likely soon will launch, a cyberattack on your organization. With the seemingly endless list of security-should-do’s, there are three practical reasons why you need to include Dark Web intel in your mix.
When it comes to gathering intelligence on the Dark Web, what you’re really doing is quantifying what is being sold on the black market. Let’s start with the what. There isn’t a day that goes by that we don’t see commodities for sale that include customer email lists, credit card information, personal and healthcare information, fraudulent identities, product blueprints, exploits and vulnerabilities, and much more.
Through this intelligence gathering, you’re also seeing who the commodity was stolen from. Was it Home Depot? How about a government agency? Or maybe your credit union competitor was breached and now their credit cards are for sale? Either way, it should cause you to pay attention.
Knowing this information is much more than simply interesting; it’s foundational to what your security team does next and how you adjust your cybersecurity investments. It provides an immediate understanding of the current target profile of relevant threat actors and the specific vulnerabilities being exploited. In short, you know what is happening to whom, and how. What else will it tell you?
1. Discover unknown weaknesses. Intelligence gathered from Dark Web markets has the potential to reveal unknown weaknesses in security controls that would otherwise be overlooked. This information can be used to help prioritize cybersecurity program elements ranging from mitigation to countermeasures. It can also be used to prioritize security patching operations. For example, if you have 10 scheduled security patches to apply and you know that one particular vulnerability is actively being exploited by threat actors, then this information is valuable and can save you from a security incident.
2. If it happens to your competitor, you could be next. Dark Web intelligence can be used to investigate victims that are similar to your organization; if they were targeted, you could be next. Cyber threat intelligence analysts can gain a better understanding of the targeted technologies and inform management. By focusing the avalanche of intelligence on your organization’s specific profile and technologies, security leaders can then feed this intelligence into the organization’s cyber program and proactively stay ahead of exercised vulnerabilities.
3. Learn the bad guys’ moves. Cyber criminals have digital footprints too. These footprints include their patterns, motives, attempted and successful threat vectors, and activities. Armed with this enhanced understanding, you can better assess your current security posture and make proactive adjustments based on the relevancy of active threats.
There are good reasons for taking advantage of Dark Web intelligence, but we should also explore the challenges of collecting it. While organizations can certainly explore conducting Dark Web surveillance and intel on their own, many choose not to because it’s a blind spot in their overall security program or because of the inherent risks of accessing this information and the unknown legal risks that it may pose.
In addition to the potential legal risks, there are moral issues that have to be addressed by senior management and their employees. Asking an employee to interact with criminals is something that has never been dealt with in the business world until now. These are uncharted waters for security and business leaders.
Dark Web intelligence can be practical in the sense that you can gain visibility into stolen or breached information in a quick and efficient manner, as opposed to waiting to be notified by external parties or the authorities. This alone has the ability to significantly reduce the time to discovery for breaches and lessen the impact on your organization. Knowing that your information has been breached is the first step in kicking off your incident recovery process.
By understanding your adversaries’ activity on the Dark Web – and using that intelligence to decipher their methods and minimize your risks – you can take more of a proactive approach that helps reduce uncertainty and improves overall cyber resiliency. You can better position your security defenses and, as an added bonus, provide a better return on investment for security controls and countermeasures.