We have all seen news outlets detailing the latest “dark web” attack that showcases the impact of a cyber attack. This term has become bread and butter within our general knowledge of cyber security, and has been used by vendors, IT professionals and those within our sector since the conception of this mysterious quagmire.
The dark web holds a fierce reputation, but at Core to Cloud we want to unearth this term and look at why it may not be the correct description to use anymore, or focus on. Let’s shine a light on what it really is, what we can do about it, and why we need to talk about the bigger cyber security landscape and stop blaming the illusive “dark web”.
What is the ‘Dark Web’?
This is a good place to start as it may surprise you what the true definition of this sinister underbelly of the internet is. This term rose to glory during the 2010s where it began to grow its fiendish persona.
The “dark web” traditionally describes sites, forums, and content that reside on overlay networks rather than the traditional internet we interact with daily; these sites, often referred to as "hidden services" require certain web browsers to access such as Tor. It is a place where you hide things, or go to discover things that are not always above board (if you know what we mean) but not everything in there is illicit. You can also find BlackBox, the “dark web”'s alternative to Facebook which contains people commenting on each other's pet images and not just criminals.
There is another term that we need to highlight here, and that is the Deep Web. The Deep web is anywhere on the internet that is password protected, sat behind a paywall, or hidden from crawling. The deep web accounts for 96% and 99% of the content of the Net as it cannot and will never be found on any conventional search engine. An example of the deep web in action is when you sign into your bank online. The “dark web” makes up such a tiny fraction of the net overall, but it is part of the deep web as it is not indexed by search engines.
Why don’t we say ‘dark web’ anymore?
You may be thinking that we know all about this, what it is, what it does and where it is, so why shouldn’t we use the term “dark web” anymore?
The reason is simple, and it is because this is not the only place that these types of threats now emerge from. Cyber criminals and potential threats are sitting within a much larger area of our IT landscapes than they have ever been.
So when we just use “the dark web” to describe and highlight the types of threats that traditionally came from this area, we are actually doing a disservice to our own understanding of cyber criminals and cyber security threats. In reality we can use this term, but we need to understand that this is just one area we need to focus on, we need to take off our blinkers and look at the much larger landscape and threats that can impact an organisation.
How does the ‘dark web’ impact me?
The “dark web” has the potential to impact all of us, from individuals to organisations. Within the illicit things you can access or purchase within this realm an individual can buy passwords, usernames, credit card numbers and intellectual property or trade secrets.
As an organisation your main priority is to ensure that none of your data, or any of your information ends up within these forums and does not become available for purchase. You also want to know if your data or information ends up on the “dark web”, so you know you have been compromised so you can act accordingly to minimise the impact that this data loss or breach will have upon your organisation.
Organisations of any size can be targeted and their information sold or bartered for on the “dark web”. The size in essence doesn't matter, the target is chosen more on the opportunity or ease of attack. So staying up to date within all of your security processes will help you to not become a victim of this space.
The “dark web” does impact you, but it is not the only area that can leave us vulnerable, and is certainly not the only place that a cyber security threat could emerge from, and this is the key point. As cyber security has adapted and our IT landscapes have become more and more complex there are now other areas we need to keep a beady eye upon. So instead of just the dark web being the core place that the criminals lurk within, we need to make sure that we see the bigger picture.