CEO Today Magazine January 2019 Edition

The Dangers of the Dark Web

highest bidder. They might sell the prime cuts to one person (a recent Experian report suggests that passports can fetch up to $2,000) and auction off the gristle to the horde (a full package of customer information including account numbers fetches just $30). Lone wolves might use your intellectual property to buy influence with criminal gangs or to showcase their talents in order to secure a bigger and more lucrative commission.

And while the criminals make deals, the vast majority of companies whose details are being traded bask in ignorance. A study sponsored by IBM suggests that it takes an average of 197 days for companies to become aware of a breach, never mind realise that their data is in the dark web shop window. Those who act within 30 days save an average of $1m in containment costs. With access to a ready market, criminals trading on the dark web are able to act very quickly and the message from IBM is that companies must follow suit.

Despite being hidden from search engines and masking IP addresses using layers of encryption and multiple computers to relay messages, the dark web isn’t entirely a riddle, wrapped in a mystery, inside an enigma. There are ways to find out whether your company’s data is up for sale, and it is possible to take action. The question for many C-suite executives and their boards is what to do and who to trust?

1. Don’t mount your own search

Without the right tools, combing the dark web is like looking for a needle in a haystack. It could expose your company to damaging malware and searching questions from the regulator. Cyber security consultants may be able to advise you on what information to search for and how to look for it. Ensure the company you work with shows you exactly what they’ve found. It is also worth asking for historic information present on the dark web prior to your commission.
2. Choose targeted tools

Fully automated surveillance products monitor the dark web 24-7 for possible threats. However, those that cast their net too widely are likely to return an overwhelmingly large volume of alerts, few of which are real threats. The danger from such ‘false positives’ is that when the threat detection tool cries wolf, people stop listening. More advanced tools cross-reference and reinforce potential warning signs to filter out the false positives, pointing your company in the direction of the alerts you need to prioritise.

3. Commission wisely

If you have in-house cyber-security expertise, you might simply want to commission a service that detects threats and sends notifications, so you can take action. If that’s the case it’s vital to create systems, protocols and procedures that ensure you can respond quickly and appropriately to high-level alerts. If you don’t have internal expertise or lack the capacity to respond rapidly you might choose to work with an organisation that immediately follows up if they discover that critical information or assets belonging to your company are about to be sold on the dark web. Be clear about their credentials and services and check out their response times.

4. Early warnings and post-breach analysis

It’s possible to purchase early warning systems that act as a sort of burglar alarm. They let you know if someone is rooting around your systems, what they are looking at and how they got in. This information gives you an opportunity to focus your response on addressing specific, active threats before your company’s details end up on the dark web. Consider including post-breach analysis, advice and action as part of the commission. If the company you commission can find out how intruders got in, this will help you strengthen your systems and pinpoint the need for specific staff training/awareness raising.
5. Brains and Bots

Criminals operating on the dark web set up invite-only rooms which can be extremely difficult to access. Stolen data is sold in these rooms and the only way to get in is to pass a complex screening process. Humans tend to be better than bots or crawlers at accessing these rooms so consider organisations that employ experienced analysts for this purpose. They will attempt to remove posts or use tactics to disrupt the market and delay its sale. This buys your organisation time to change passwords and take other action to block access.

6. Think beyond your perimeter

Companies are responsible for data that exists outside their company walls. For example, you might use a remote server, share information with partner organisations and suppliers or store customer data on a CRM platform. Protecting data within your perimeter is at best a partial solution and may leave you exposed to potential fines for non-compliance with data protection regulations. Some companies ‘watermark’ your information and are able to identify it on the dark web even if the breach occurred outside your perimeter.

Prevailing wisdom suggests that by the time your data leaves the building it is too late. Why follow a criminal down a rabbit hole? What’s to be gained by getting low down and dirty with the kingpins of the criminal underworld? But prevailing wisdom isn’t always right. Incident response can pinpoint specific action based on timely intelligence. Creating a huge blind spot in your cybersecurity approach is a high-risk strategy. What you don’t know can hurt you, and what you do know can help you. If you know when your systems are being infiltrated, if you know how intruders got in and if you know where your data ends up you can start to take control. It’s never too late.

For more advice about how Metro Communications can protect your confidential conversations and information, visit: www.cyberburglaralarm.com
