Halloween is coming and most of us are looking forward to haunted houses, scary movie marathons, and spooky decorations. October is about more than the candy, costumes, tricks and treats for IT teams and cybersecurity experts – it’s National Cybersecurity Awareness Month.
For IT teams, spooks and scares don’t just happen in October. Cybersecurity teams work year-round to keep their networks safe from malware, phishing attacks, cryptojacking, business email compromise, IoT threats and the dark web. The Dark Web is the sublayer of the Internet hidden from conventional search engines such as Google, BING and Yahoo. This sublayer allows users to operate anonymously and, because of this anonymity, holds a wealth of stolen data and facilitates illegal activity. The Dark Web is estimated to be 550 times larger than the indexed or “surface Web” with over 50% of all sits on the Dark Web estimated to be used for criminal activities.
You may think – "I have firewalls, anti-malware protection and two-factor authentication…the Dark Web doesn’t scare me", but even with the right security measures in place no one is immune from a breach. At the end of September Facebook announced that 50+ million user accounts were affected by a security breach and last week the Dark Web ID cybersecurity division confirmed that individual account information associated with the breach is not being sold on Dark Web markets.
- 39% of adults in the U.S. using the same or very similar passwords for multiple online services
- 80% of hacking-related breaches leverage either stolen and/or weak or guessable passwords
- 85% of businesses with <1000 employees have been hacked, and most don’t even know it
- 2 BILLION email account credentials and 85 MILLION stolen PII records are for sale on the Dark Web
- Over 75% compromised credentials are reported to the victim organization by a third party, such as law enforcement
The digital credentials we use every day to connect to our critical business applications and online services, such as our usernames and passwords, are among the most valuable assets circling the Dark Web. Many companies don’t know they have had credentials compromised and sold on the Dark Web until after it’s too late. Compromised credentials are used by cybercriminals for additional criminal activities, such as identity theft or breaching of sensitive corporate information. Attackers can use compromised credentials to:
- Send Spam from Compromised Email Accounts
- Deface Web Properties and Host Malicious Content
- Install Malware on Compromised Systems
- Compromise Other Accounts Using the Same Credentials
- Exfiltrate Sensitive Data (Data Breach)
- Identity Theft
LookingPoint is committed to providing our customers with the most advanced cybersecurity solutions and services available. Earlier this year we added a new tool to our portfolio – Dark Web ID. Dark Web ID is the first commercial solution designed to detect compromised credentials on the Dark Web in real-time. Dark Web ID provides 24/7/365 searching, monitoring, and reporting for compromised credentials associated with your company on the Dark Web before critical assets are compromised, used for identity theft, data breaches or other cybercrimes. Coupling Dark Web ID with a layered security approach, we can help your organization reduce the likelihood of compromised credentials and the impact on your organization should your credential be compromised.