Dark Web 101
You’ve heard the rumors. Let’s dig into the facts businesses need to know.
You may have heard about the dark web before. Accessible exclusively through third-party tools, the dark web is mostly known for its association with unsavory activity. One study, for example, pegged almost 57% of all dark web content as being illegal. It is also estimated that over half of the 2.5 million daily dark web visitors have engaged in criminal behavior.[i]
Businesses can’t afford to ignore the risk represented by this hidden swatch of the internet. Let’s explore what you need to know about the dark web and steps you can take to prevent it from being weaponized against your agency.
The internet iceberg
But first, let’s flesh out the structure of the internet so we can better orient ourselves to what we’re talking about when we discuss the dark web.
Just for a moment, imagine the internet as an iceberg. Many people know that the visible portion of an iceberg represents only a tiny fraction of its full size. The same is true for the internet. That visible portion includes the sites indexed by search engines – that is, any site you can visit by typing its name into a website like Google. Below this level is what is known as the “deep web,” which should not be confused with the dark web.
While both internet levels are inaccessible through search engines, the deep web includes many sites that you and I use every day. Your email inbox, for example, is part of the deep web, as are pages detailing sensitive information like bank accounts and medical records. While the numbers vary, it is estimated that the deep web encompasses a stunning 90-95% of the internet and is 400 to 500 times larger than the surface-level internet.[ii]
Underneath all this hidden yet perfectly legitimate content is the dark web. Not only is the content not crawled by search engines like Bing, Google or Chrome, but to access it, you need to employ a specialized internet browser called “Tor.” Designed for total anonymity, Tor lets users access the internet’s most hidden and illicit content while shielding their identities and locations.
A hive of scum and villainy
In the classic 1977 space epic Star Wars, Obi Wan Kenobi’s and Luke Skywalker’s mission to defeat the Empire begins by going to the Mos Eisley spaceport to recruit the roguish smuggler Han Solo. Prior to entering the town, Kenobi cautions the young farm boy about the potential dangers they will face, referring to the location as a “wretched hive of scum and villainy.”
In many ways, the wise jedi’s words are an apt description of the dark web. While the computer network can have legitimate applications, it is teeming with illicit activity. Bad actors frequently use the communication network for all sorts of crimes, including:
- Fake IDs
- Credit card fraud
- Selling business EIN numbers
- Offering trade secrets to the highest bidder
- Publishing hacker tools
- Buying and selling prohibited items like drugs or weapons
- Engaging in human trafficking
If that wasn’t enough, the dark web can be a minefield of cybersecurity risks including malware and other viruses.
Keep your business clear of the dark web
As with most cybersecurity threats, when it comes to the dark web, prevention is the best medicine. You can do a lot to keep your agency safe by deploying strong cybersecurity protocols and safeguards. Here are a few examples:
- Enact multi-factor authentication.
- Require your staff to adhere to best practices for creating and maintaining strong passwords.
- Consider using a dark web monitoring service.
- Update your programs and ensure you have strong anti-virus software in place.
- Instruct your staff to use a virtual network server or VPN whenever they are working remotely, which will prevent data interception by cybercriminals.
Final words Although most people will go their entire lives without having to worry about the dark web, it remains a significant threat to businesses, particularly in industries like ours that handle large amounts of personal data. Taking preventative measures now can decrease your risk profile and keep your firm’s sensitive information out of th