Curated Tech Content

Whether we are publishing our own original content or helping our partners get the word out about their technologies. We bring you the latest news, market trends and product innovation.

5 Key questions for your organisation about the Dark Web

What is the dark web?

The Dark Web is a hidden universe contained within the “Deep Web”- a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, BING and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.

Where do we find dark web data source locations?

• Dark Web Chatroom: compromised data discovered in a hidden IRC;
• Hacking Site: compromised data exposed on a hacked Website or data dump site;
• Hidden Theft Forum: compromised data published within a hacking forum or community;
• P2P File Leak: compromised data leaked from a Peer-to-Peer file sharing program or network;
• Social Media Post: compromised data posted on a social media platform;
• C2 Server/Malware: compromised data harvested through botnets or on a command and control (C2) server.

Some of our data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?

While employees may have moved on from your organisation, their company issued credentials can still be active and valid within the 3rd party systems they used while employed. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “zombie” accounts that can be used to exploit an organisation. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploit.

With most of our software tools moving to Cloud hosting, does this create more risk for my company’s IP?

There can be as much risk to your data within a Cloud environment as there is when it resides locally within your own servers. When researching Cloud providers and data centres, make sure you understand their compliance and certification with the security standards and protocols that impact your industry.

How can ASI Solutions secure my company against threats from the dark web?

ASI Solutions operates under the NIST (National Institute of Standards and Technology) Cyber Security Framework. This framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to your organisation.

IT risk assesment

ASI Solutions can provide a standardised approach to assessing IT risk within your organisation through our IT Risk and Security Assessment process.

The IT Risk and Security Assessment will result in the following outcomes;

  • A Consolidated (and detailed) Risk report
  • A Security Report Card
  • A consolidated IT Risk and Security Management Plan (i.e. how to remediate identified risks)
  • A hardware and software audit from machine-discovered hosts
  • To supplement the audit with warranty and license expiry dates.
  • To analyse security vulnerabilities both internal and external.
  • To review backup strategy and performance.
  • To provide recommendations on short, medium and long-term remediation paths.

Threats from the Dark Web are advanced, pervasive, and costly. At ASI Solutions we work with our clients to develop workforce cybersecurity awareness and implement customised security solutions to mitigate threats before they cause havoc to your business.