Is Monitoring the Dark Web the easiest way to Slow Down Cybercrime?

According to ITProPortal, the cybercrime economy could be bigger than Apple, Google and Facebook combined. The has matured into an organized market that’s probably more profitable compared to the drug trade.

Criminals use innovative and state-of-the-art tools to steal information from large and small organizations and then either use it themselves or, most typical, sell it to other criminals through the Dark Web.

Small and mid-sized businesses have become the mark of cybercrime and data breaches because they don’t possess the interest, time or money to set up defenses to protect against an attack. Many have a large number of accounts that hold Personal Identifying Information, PII, or intelligent property which could include patents, research and unpublished electronic assets. Other small businesses work directly with larger organizations and will serve as a portal of entry much like the HVAC company was in the prospective data breach.

A number of the brightest minds have developed creative methods to prevent valuable and private information from being stolen. These information security programs are, generally, defensive in nature. They basically set up a wall of protection to help keep malware out and the information inside safe and secure.

Sophisticated hackers discover and use the organization’s weakest links to set up an attack

Unfortunately, even the very best defensive programs have holes within their protection. Listed below are the challenges every organization faces in accordance with a Verizon Data Breach Investigation Report in 2013:

76 percent of network intrusions explore weak or stolen credentials
73 percent of online banking users reuse their passwords for non-financial websites
80 percent of breaches that involved hackers used stolen credentials
Symantec in 2014 estimated that 45 percent of most attacks is detected by traditional anti-virus and therefore 55 percent of attacks go undetected. The result is anti-virus software and defensive protection programs can’t keep up. The criminals could already be in the organization’s walls.

dark web links and mid-sized businesses can suffer greatly from the data breach. Sixty percent walk out business within a year of a data breach according to the National Cyber Security Alliance 2013.

What can an organization do to protect itself from the data breach?

For many years I’ve advocated the implementation of “GUIDELINES” to protect personal identifying information within the business. You can find basic practices every business should implement to meet up the requirements of federal, state and industry rules and regulations. I’m sad to say very few small and mid-sized businesses meet these standards.

The second step is something new that a lot of businesses and their techs haven’t heard of or implemented into their protection programs. It involves monitoring the Dark Web.

The Dark Web holds the trick to slowing down cybercrime

Cybercriminals openly trade stolen home elevators the Dark Web. It holds a wealth of information which could negatively impact a businesses’ current and prospective clients. This is where criminals head to buy-sell-trade stolen data. It is easy for fraudsters to access stolen information they need to infiltrate business and conduct nefarious affairs. An individual data breach could put an organization out of business.

Fortunately, you can find organizations that constantly monitor the Dark Web for stolen information 24-7, 365 days per year. Criminals openly share these details through boards, blogs, websites, bulletin boards, Peer-to-Peer networks and other black market sites. They identify data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access. The volume of compromised information gathered is incredible. For example:

An incredible number of compromised credentials and BIN card numbers are harvested every month
Approximately one million compromised IP addresses are harvested each day
These details can linger on the Dark Web for weeks, months or, sometimes, years before it is used. An organization that monitors for stolen information can easily see almost immediately when their stolen information shows up. The next step is to take proactive action to clean up the stolen information preventing, what could become, a data breach or business identity theft. The information, essentially, becomes useless for the cybercriminal.

What would happen to cybercrime when most small and mid-sized businesses take this Dark Web monitoring seriously?

The effect on the criminal side of the Dark Web could be crippling when the majority of businesses implement this program and take advantage of the information. The goal is to render stolen information useless as quickly as possible.

There won’t be much impact on cybercrime until the most small and mid-sized businesses implement this kind of offensive action. Cybercriminals are counting on very few businesses take proactive action, but if by some miracle businesses wake up and take action we could see a major impact on cybercrime.

Cleaning up stolen credentials and IP addresses isn’t complicated or difficult knowing that the information has been stolen. It is the businesses that don’t know their information has been compromised which will take the biggest hit.

Is this the easiest method to slow down cybercrime? What do you this is the best way to safeguard against a data breach or business identity theft – Option one: Await it to happen and react, or Option two: Take offensive, proactive steps to get compromised information on the Dark Web and clean it up?