“Hidden” from search engines and only accessible via specialized software, the dark Web isn’t always used for malicious purposes, but it can be. Organizations and individuals face a variety of risks from activities originating from the dark Web, including data breaches, financial fraud, identity theft and the exploitation of security vulnerabilities.
Taking proactive steps can help businesses and individuals safeguard their digital assets and online presence. Below, 19 members of Forbes Technology Council share defensive strategies that can help organizations and individuals protect themselves and their assets from the dangers of the dark Web.
1. Run Tabletop Scenarios With Stakeholders
A focused strategy is to run tabletop scenarios with relevant stakeholders, simulating a scenario where elevated credentials are harvested. This approach addresses the attacker’s key strength: dwell-time. Create realistic attack vectors, develop response plans and measure times for detection, forensics, containment and remediation, adjusting processes to minimize latencies. – Abhijeet Mahagaonkar, Polychain Capital
2. Identify Compromised Credit Cards
A primary threat originating from the dark Web is card testing fraud. Financial institutions can employ dark Web monitoring to identify compromised cards and reissue them. E-commerce institutions can enhance security by implementing multifactor authentication, robust fraud detection for account takeover fraud and bot activity, and risk variable analytics. They can prevent fraud through transaction monitoring, CVV verification and challenge mechanisms. – Ranjitkumar Sivakumar, Amazon
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Sign Up For Reputable Monitoring Services
Don’t wait for someone to steal your identity! Dark Web monitoring services are like watchdogs for these secret sites. They constantly check for your information and tell you right away if they find it. This way, you can change passwords, keep an eye on your credit report and fix any problems before they escalate. – Sarath Babu Yalavarthi, JPMorgan Chase & Co
4. Adopt Zero Trust
To shield against dark Web threats, adopt a zero-trust architecture, ensuring all access is verified. Complement this with advanced threat protection to counter zero-day vulnerabilities, and integrate endpoint detection and response for continuous monitoring and swift threat response. This strategy comprehensively fortifies defenses. – Moshiul Islam Mishu, Enterprise Infosec Consultants
5. Engage In Emerging Trend Detection
Online safety is increasingly a priority for front-line customer support and trust and safety staff, just as it is for IT teams. Emerging trend detection helps companies stay ahead by spotting emerging threats such as misinformation and malicious activity via real-time alerts from the deep Web and the dark Web. This helps companies protect their brand integrity before a crisis occurs or damage is done. – Paula Kennedy Garcia
6. Implement Advanced Data Encryption
Implement advanced encryption for all sensitive data, making it unreadable and useless to unauthorized users who might access it via the dark Web. This significantly reduces the potential impact of data breaches. – Margarita Simonova, ILoveMyQA
7. Invest In Runtime Security
Investing in runtime security is critical to handling threats originating from the dark Web. Hackers will sell direct access to compromised networks on nefarious websites. The buyers then launch further attacks, such as ransomware. To ensure an organization is protected against such threats at all times, it is important to invest in runtime security, such as endpoint detection and response and extended detection and response. – Austin Gadient, Vali Cyber
8. Focus On Defense-In-Depth Controls
An organization has already failed once exfiltrated data has been published on the dark Web. Any response is purely reactionary at that point. Organizations must instead focus upstream by protecting the business with commensurate defense-in-depth controls. While the dark Web can provide insight into attacker sentiment, it cannot be the sole focus of a cyber strategy. – Mike Lefebvre, SEI
9. Leverage MFA And Pen Testing
I strongly recommend multifactor authentication with a minimum of three factors, including biometrics. Other important security measures include using phishing scanners; encrypting data at rest and in transmission; mandating strong, complex passwords; and storing data in secure database applications. Penetration and ethical testing of all software applications that host sensitive data is also highly recommended. – Valentine Wats, TEMSCONSU – (Excelitte & PMPplanner Brands)
10. Adopt Data-In-Use Encryption
The base layer of every cybersecurity measure for any kind of threat mitigation is encryption; everything else should be built on top of that. But traditional encryption methods are no longer sufficient. The new standard is data-in-use encryption, which allows an organization to process (compute, search, analyze and so on) encrypted data in use, not just at rest or in transit. – Ryan Lasmaili, Vaultree
11. Cultivate A Security-Focused Culture
Continuous education and training are not only vital for organizations to safeguard themselves and their employees, but are also among the simplest and most effective strategies. Cultivating a security-focused culture prompts employees to be cautious with unknown messages, fosters dialogue with security personnel and ensures a flow of updated threat information. – Neil Lampton, TIAG
12. Monitor Dark Web Forums
Monitor dark Web forums for leaked information about your organization using scanning services. Educate employees on cybersecurity, enforce strong password policies and implement multifactor authentication to reduce vulnerabilities. This proactive approach minimizes risks from the dark Web. – Roman Vinogradov, Improvado
13. Add AI-Powered Security Solutions
Much of the activity on the dark Web is the sharing and selling of phishing-as-a-service kits, stolen personal data to be used in phishing attacks, and tips and tools for exploiting generative AI platforms (for example, WormGPT) to fuel phishing attacks. Phishing is king. User training should play a role, but AI-powered security solutions are essential to block never-before-seen phishing attacks that employ evasive techniques. – Patrick Harr, SlashNext
14. Leverage Device Intelligence Technology
Fraudsters obtain legitimate login credentials and bank information through the dark Web. Device intelligence allows organizations to identify users exploiting this information. For example, this technology can flag unusual login locations and IP addresses or suspicious actions, such as unusually large purchases. This awareness allows companies to execute additional ID verification steps. – Dan Pinto, Fingerprint
15. Enhance Your Identity Hygiene
Enhancing identity hygiene is a key measure against dark Web threats. Regularly updating passwords, employing two-factor authentication and monitoring account activity can shield individuals and organizations from unauthorized access. This focused practice minimizes vulnerabilities, safeguarding personal and professional identities against exploitation. – Lior Yaari, Grip Security
16. Partner With A Vendor To Be Alerted To Breaches In Real Time
You need to know when your customers’ data is on the dark Web due to a data breach, because fraudsters can access stolen credentials to intrude into your digital ecosystem. Hire a vendor that offers near-real-time confirmation of breaches that impact your customers and can identify compromised attributes. In those instances, you can introduce more friction into the login process. – Christophe Van de Weyer, Telesign
17. Always Question The Inclusion Of Sensitive Information In Messages And Requests
Forget malware and ransomware—one of the most dangerous things being sold on the dark Web today is information. From Social Security numbers to home addresses, hackers will leverage all manner of personal information in order to make their messages more convincing. Always question why certain information is being included in a message or request, and ask yourself whether its inclusion serves a legitimate purpose or not. – Eyal Benishti, IRONSCALES
18. Implement Zero Standing Privileges For Employees
Credentials theft is a common consequence of dark Web marketplaces. Organizations must implement zero standing privileges for employees so that even if someone’s credentials are compromised, the hacker can’t do much. Implementing phishing-resistant, strong authentication measures (such as passkeys) also prevents hackers from stealing credentials. – Atul Tulshibagwale, SGNL.ai
19. Develop An Anonymous Web Presence Strategy
Develop an anonymous Web presence strategy to minimize digital footprints that attract dark Web activities. This involves using privacy-focused browsers, VPNs and secure email services for sensitive communications. Encouraging such practices among staff and within an organization’s operations can significantly reduce the risk of sensitive information being compromised and ending up on the dark Web. – Jagadish Gokavarapu, Wissen Infotech