While cybersecurity firm RepKnight was founded back in 2011, the company recently broke onto the scene after uncovering which celebrities had fallen victim to the recent Instagram hack — something the social media behemoth itself was keen to keep quiet. RepKnight, however, was able to find the email addresses and phone numbers of some of the biggest A list stars like Emma Watson and David Beckham being openly posted for sale for $10 on the dark web.
Celebrities aside, RepKnight’s day job is to help businesses detect when their data has been posted on the dark web. I spoke to one of the company’s cybersecurity analysts about what the biggest cybersecurity threats are.
Here’s what he had to say.
1. So Patrick, how would you define the dark web?
The dark web is a part of the world wide web that can’t be indexed by conventional search engines like Google or Bing. And if it’s not indexed you’ll never find it using those same conventional search engines. You’ll often find that the dark web is a marketplace for many illegal items like firearms and drugs, and is being used by cybercriminals who are either buying or selling these illicit items.
2. You mention firearms and drugs, but what exactly does the dark web have to do with ordinary businesses?
Well, while two thirds of the dark web is made up of the sale of guns, drugs and other illegal products, one third of the dark web actually consists of something much more valuable to criminals — corporate data. The most common data we’re finding on the dark web in relation to businesses includes dumps of personal information like employee email addresses, leaked emails, client contact details and corporate login credentials.
3. How do cybercriminals tend to get their hands on all this data?
Cybercriminals are always looking for new ways to steal corporate data. One of the fastest-growing threats is phishing, whereby attackers send a scam email to employees duping them into handing over sensitive information such as usernames, passwords and credit card information. Often, these emails will look like they come from a legitimate source, which then lures the victims into trusting the links they click on. It only takes one compromised high-privilege account to provide the keys to the kingdom and the back door to your databases for exfiltration. Then there’s third-party breaches. Most companies outsource their data processing in one way or another, but often don’t realise that doing so can greatly affect the security of that data. If your third-party provider suffers a breach, then your data has the potential to end up for sale on the dark web. Exactly what happened to a well-known online payment provider recently.
4. So what industries would you say are most at risk of the dark web?
Every business in every sector owns data that has the potential to make a nice profit on the dark web — which could result in a large fine for the business if that data is breached. So, I’d have to say that every industry sector is at risk. Therefore, it’s vital that companies have the right tools in place to ensure that you discover the breach before any of the bad guys or the regulators discover it. Companies should be continuously looking for their data appearing outside the firewall, and promptly rectifying any leaks — much in the same way you might have physical security such as a security guard patrolling buildings, or CCTV monitoring offices and parks.
5. Looking more broadly, what effect does the dark web have on data breach detection?
So, data breach detection in Europe is actually quite poor. In fact, a recent study from FireEye found that the average time between a data breach and discovery in Europe is a staggering 469 days. The dark web really doesn’t make data breach detection any easier because the dark web is non-indexable. That’s why organisations should focus on keeping track of their data, as well as securing their networks. But now there’s technology available that enables you to continuously monitor for your data outside the firewall, which means that if you suffer a data breach that is openly discussed, shared or published, you’ll know about it within minutes.
6. In a few weeks, the GDPR will come into effect. What is the significance of the dark web in relation to the GDPR?
Once the GDPR comes into effect in May 2018, organisations will have just 72 hours to report a data breach once becoming aware of it. So, if your company data ends up for sale on the dark web, you need to know about it quickly so you can mitigate any punishments, which could be a hefty fine of up to €20 million or 4 per cent of your revenue. Uber, for example, failed to report a breach for an entire year. If this happened after the GDPR had come into effect, the company could have been looking at fines in excess of tens of millions of pounds.
7. So what can companies do to prevent this from happening?
It’s really important for businesses to invest in the right tools that can help them to find their data, no matter where it’s hidden. Having the ability to monitor the millions of dark web pages and the hundreds of dump sites being used by cybercriminals and then being able to filter and extract that information based on things like customer databases and employee email addresses, is a necessity for businesses. Thankfully, software like this is already on the market, which can alert you in real time when your data is being shared or discussed on the dark web. After all, the sooner you report a breach, the lesser the GDPR fine may be!
8. Is there anything else that businesses can do with its data to help them deal with data breaches better?
There are a couple of other ways to ensure that your data can be found on the dark web. The first is adding watermarks to your data. Watermarking works by adding dummy entries to your existing databases — for example CRM systems, HR databases and marketing lists — which you can use to detect your data being leaked. Another technique that you can use to identify your data is fingerprinting, where your data is analysed for unique patters that form an integral part of the dataset, such as the format of a customer reference number.
Patrick Martin, cybersecurity analyst, RepKnight
Image source: Shutterstock/Sergey Nivens