We live in a world that is more focused on cybersecurity than ever before. With the shift to widespread working from home, the pandemic has put a spotlight on security awareness. This is true in our professional lives to prevent company information from falling into the wrong hands, but it also has an impact on our personal lives. As consumers began to spend even more time online, companies in all industries rushed to supplement traditional sales methods and customer interactions with digital equivalents. This forced shift to focus on digital has created countless attack opportunities for cybercriminals. With news about data breaches and the sale of information on the dark web seeming to be an everyday occurrence, consumers have become unaware of the risks hackers pose, but this is largely due to a lack of awareness. At a time when much of the world is spending more time online and the risk of cyber threats is at an all-time high, it's essential that consumers know what they're up against. Our recent research found that 40% of people don't know what the dark web is, let alone how their data could be compromised. So what is the dark web and how do we make sure we know if our information ends up there?
The Unknown Side of the Internet
The dark web includes the parts of the internet that search engines like Google cannot access. Awareness is rising from horror stories about data breaches that have resulted in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records. This is alarming when 80% of data breaches are the result of weak passwords and we reckon that 92% of Brits support password reuse despite being well aware of the consequences. Most people don't really understand the true scope of the dark web, with estimates ranging from 0,005% to 96% of the entire World Wide Web. That said, a recent study from the University of Surrey found that almost two-thirds (60%) of ads on the dark web have the potential to harm businesses. While not all of them are used for illicit purposes, the presence of such diverse networks of criminal activity means that consumers must protect their information with the caution it deserves. Stolen credit card numbers, counterfeit currency, and subscription IDs are among the items you'll find for sale on the dark web. In addition, you'll also find services for hire that include distributed denial-of-service (DDoS) attacks, phishing scams, and collection of operational and financial data. Clearly, a successful breach could have serious financial repercussions for businesses and consumers, not to mention reputational damage for the companies involved.Has your information been exposed?
Our research from last year already found that one in four people would be willing to pay to have their private information removed from the dark web, and that number rises to 50% for those who have been hacked. While only 13% were able to confirm if a company they interacted with was involved in a breach, the reality is that it's much more likely than you might think: since 2013, more than 9.7 billion records have been lost or stolen. of data, and that number continues to grow. Most of us would have no way of knowing if our information is for sale online. However, solutions now exist that proactively check exposed email addresses, usernames, and other credentials against third-party databases, alerting users to information leaks. Password managers are increasingly including this dark web monitoring feature, which shows which sites have been breached, as well as links for users to change exposed credentials. By keeping users informed if their digital identity is compromised, these tools help improve security awareness and highlight the risks of password malpractice.It starts with awareness
While detection is a critical part of the puzzle, staying ahead of cybercriminals starts with awareness. The human element is often the weakest link in the security chain, as people do not change default security settings or use the same password across different platforms in their work and personal lives. Additionally, not all employers have made it a priority to promote a security-conscious culture throughout their organization. Security is an ever-changing process rather than a one-off project, and people must work together to shape their security practices. Remote work will likely remain the norm for a large portion of businesses even as the world continues to reopen. The associated security issues will not only go away, but will likely increase as the online reader continues. With so many credentials on display available for sale on the dark web, we would all do well to renew our focus on cybersecurity. Using unique and randomly generated passwords across different accounts and investing in solutions with built-in privacy features is a good place to start.- Barry McMahon, Senior Director of Identity and Access Management at LastPass by LogMeIn.