Uncovering the Secrets of the Dark Web in the Financial Sector
By Cybint Solutions Posted 2mth(s) ago Reading Time: A few minutes
More often than not, when someone hears the words “dark web”, it’s likely their mind goes to a dark place. The dark web is often associated with illegal activities, from forged papers to hiring hit men. Despite its negative reputation, the "dark web" ultimately remains a legal resource for people to use - but not without its consequences.
While the dark web might not play a front-facing role in someone's daily life, there’s no doubt that it exists in the background. From leaked account information to confidential banking numbers, the dark web can be a scary place - especially for the finance sector.
To properly prepare a team against cyber threats and attacks that lurk around the corner, let's take a look at what exactly the dark web is.
What is the Dark Web?
First, it’s important to distinguish the differences in terminology between the three primary internet branches. It’s not how the Internet is structured, but it’s an easier way to explain and understand it:
The smallest part is called the "Clear Web" or "Surface Web", which we use everyday. It’s how you google the answer to that pressing question and is accessible to everyone.
Second is the "Deep Web". The deep web are the pages someone has access to if they have an account. Banking information, social media, corporate channels - anything that requires a personalized login and password qualifies as a part of the deep web.
Lastly we have the "Dark Web". It is a part of the internet, but the technology that allows access to it enables increased anonymity. This is often where the scary associations accompany the “dark web”. Hidden identity allows for criminal activity. While this is true, you should also consider this about the dark web:
1. Anyone can access it
Accessing the Dark Web is a lot easier than you think. There are a few dark web browsers and proxies that you can use, just as you would with Google Chrome or Safari, but the most notable of them is Tor. Tor, otherwise known as "The Onion Router" for all of the deep layers of the web, allows you to surf the dark web through multiple routing server connections around the world that are encrypted at each step. This allows users access while maintaining anonymity online.
2. Using the Dark Web won’t necessarily give you a virus, but it puts you at risk
Surfing sites on Tor alone shouldn’t cause you alarm, as you can use Tor to reach every website, including those on the clear web like Google.com.
However, using Tor to access dark web websites that offer data, goods or services, may put your system at risk, and may be illegal in many countries. In addition, while using Tor to protect your anonymity, you should avoid using any credentials or handles that may give away your real-life identity and make you a victim of fraud.
3. You can use it to actually protect your company
This might be surprising, but doing Dark Web due diligence on yourself or your company is a useful exercise. It’s important to know what information is out there for sale that could lead to misuse of data and theft. Knowing about your vulnerabilities is just one aspect of threat prevention. There are threat intelligence companies and cyber intelligence service providers that can conduct the dark web analysis for you.
How does the Dark Web affect the financial sector?
A part of the negative effects of the dark web comes from not completely understanding it. However, if companies educate their employees and give them a better understanding, there would not be as much to be afraid of! After all, things are less scary when you understand them.
Understanding the dark web’s complexities comes with understanding its threats to businesses. For one, there’s the risk of fraud. The dark web houses not just a couple of stolen credit cards, but millions of stolen credit cards and accounts. Throughout the years, billions of accounts and sensitive data pieces have leaked into the dark web.
Having stolen private information ruins personal lives and company reputations. Specifically for the financial sector which oversees valuable information about money day to day, it is important that all employees are trained to avoid hacking and fraud attempts from methods like phishing.
The effects of a data breach of the dark web are devastating, but not always immediate. The time factor almost makes a breach even worse, especially as stolen information piles up and the breach goes unnoticed. As information is leaked, sold, re-leaked and resold, it can slowly but surely damage clients’ lives and break the trust between an organization and its customers.
Let’s take a look at an example of a data breach of a big financial company: Capital One in 2019. A few years ago, Capital One was the target of a cyber hack that exposed sensitive information of over 100 million Americans and about 6 million Canadians. Dates of birth, addresses, social security and bank account numbers were all taken.
How did it happen? A former Amazon Web Services employee, Paige Thompson, found a vulnerability in Capital One’s security and exploited it. One person cost Capital One between $100 million and $150 million in 2019, and moreover had longer term effects on the bank’s reputation.
How you can protect your organisation
Data breaches have been on the rise for all industries across the globe from 2011 to 2020 – and they only continue to increase. No industry is immune, but the most targeted include finance, healthcare, and technology. External threats and human error are usually the main cause of these data breaches.
The financial sector in particular faces data breaches by external threats, as 63% of attacks are from cyber criminals who are motivated by monetary gain. Moreover, during the pandemic, the shift to work from home caused companies in all industries to rush cybersecurity policies, leaving employees vulnerable.
Since human error is a large cause of compromised data - whether it be due to phishing or some other means - it comes as no surprise that unprepared employees become the targets of hackers. The financial sector remains an attractive target because of the kind of information it collects. Data breach costs financial services almost US$6 million per incident - indicating that cybersecurity is not something to be taken lightly.
There are a lot of practical steps an organization can take to protect their teams’ and clients’ information. For example, limiting team and client access to valuable data such as financial information and portal logins. Regular software updates amongst team members and a comprehensive cyber breach response plan also keeps organizations prepare against cyber threats.
However, the best defense for any company against cyber attacks and threats is simple: education. When everyone on the team knows the basics of cybersecurity, they can recognize danger. It is important for companies to identify when and where it is safe to share information and apply the practical tools needed to prevent, detect, and recover from cyber attacks.
Getting familiar with cyber threats and cyber defense keeps accounts and credentials safe. Every person on a team is a potential target to hackers. After all, 95% of cyber attacks are caused by human error. Education empowers teams to avoid common yet dangerous threats, and keeps everyone safe - even on the dark web.