Fighting Back against Cyber Criminals on the Dark Web

TruGrid blog image - Fighting back against

A data breach is a threat many corporations can’t afford to have happen. In a blog post on preventing corporate identity theft published in May, we pointed to a statistic in the 2017 Ponemon Institute Cost of a Data Breach Study, stating an average global cost of a data breach was $3.62 million. This staggering number is why some corporations that suffer a data breach never truly recover, further highlighting the need for robust and proven data security solutions.

Corporations need solutions that will guard against the myriad of sophisticated attacks that threaten them every day.

 The best data security solutions will include the following:

  • Built-in Two-Factor Authentication
  • End-to-End Encryption
  • Threat Detection
  • Identity Risk Monitoring (Dark Web)
  • Firewall Obfuscation

Companies that invest in TruGrid will benefit from all of these features in one secure, fully-integrated software product that ensures simple and protected workplace access. One of the tools we offer is called TruScan, a dark web scan and identity risk alerting tool.

Scanning the Dark Web for Threats

So what is the dark web? When you go on to your social media page on the web or shop online for goods or services, you are on the surface web. This is the web that includes public websites that are indexed by search engines so anyone can find and access them. This is the opposite of the deep web, which consists of sites that are hidden and not indexed by search engines. If your company has an internal intranet site, this is an example of a deep web site.

The dark web takes it a step further. Not only are sites on the dark web hidden; users that want to access them will need specific anonymizing software, configurations, or authorization to see them. Tor browsers are probably the most well-known tools used to reach the dark web. The dark web is used for very positive objectives, but also very negative ones as well. For example, on the positive side, an individual under an oppressive regime may use the dark web to relay information to a reporter.

However, the dark web could also be used to facilitate the sale of unlawful things, including information on computer system vulnerabilities and secret corporate data. These could be exposed by cyber criminals that hack into a corporation’s computer systems or by an insider within the corporation that is recruited or gives out the information voluntarily because they are disgruntled for whatever reason.

As Michelle Drolet points out in an opinion piece on dark web threats for CSO Online, the dark web isn’t as big as it is often portrayed, and there are viable ways to monitor the dark web. However, searching for mentions and trying to access closed forums may prove difficult and time-consuming, which is why more and more corporations are using dark web scan tools to see whether corporate data has been compromised.

And the risk goes beyond corporate protection. Many people use the same email/passwords for their banks, shopping accounts, social media accounts, credit card accounts, and more. If their corporate email and password become compromised, those accounts could potentially be compromised as well, making it extremely important to have a dark web scan tool that can catch issues before they lead to catastrophes on the corporate and individual level.

Why Is TruScan Different from Other Dark Web Scan Tools?

TruScan provides masked passwords (showing the first and last character) of compromised credentials, along with their email address, so you can validate if the current credentials passwords are being sold on the Dark Web. There are some dark web scan tools that offer the full password in their reporting. In our opinion, this increases security risks. For example, if a hacker was able to access that report with the full passwords and email addresses that were affected, the end result could be worse than the initial compromise.

Imagine paying for the most secure safe in the world and then accidentally leaving the paper with the combination on top of the safe for anyone to see. Once the information gets out, additional vulnerabilities could be discovered, causing a corporation many more headaches.

A dark web scan tool, like TruScan, can be an effective part of a broader Cybersecurity data protection strategy, geared towards prevention and mitigation of potential threats. For example, corporations should be training their employees on a regular basis on how to keep their data safe. Employees should be discouraged from using the same passwords for banking and shopping sites that they do for their corporate accounts. And if there is a hack, users should be advised to change all their passwords immediately to be on the safe side. Most importantly, using two-factor authentication is one of the most important methods to help prevent attacks. Two-factor authentication is included for free in the TruGrid platform.

To learn more about TruScan and how it works with the entire TruGrid secure platform, we encourage you to learn more and sign up today.