With cyber-attacks becoming the No. 1 risk to business, brands, operations and financials (source: SonicWall 2018 Cyber Threat Report), one may wonder what is the attacker doing with the data that he now possesses. The answer may just be the Dark Web.
In a webinar held in partnership with our cyber security partner, Paul Jackson, Kroll’s Asia Pacific Leader on Cyber Risk, shared that the Dark Web is, in fact, a broad term for a collection of sites which may look very much like the sites on the visible web that we are familiar with.
Paul Jackson likened the Internet to an iceberg with three layers of visibility.
The top layer, “Surface Web”, refers to websites that are accessible via a search engine such as this Chubb website that you are at now.
The second layer, “Deep Web” refers to the websites that contain proprietary data that is accessible to a selected group of people. Examples of this type of sites are a company’s intranet, subscription-based publication, and academic or government databases.
The deepest layer is the “Dark Web”. Websites in this layer can only be accessed via a Virtual Private Network (VPN). The visits to these websites are encrypted and the use of a VPN hides your identity, providing the much sought-after anonymity. As you can imagine, this is the “underworld of the Internet”. Stolen data from company networks, such as customer personal information, healthcare records and so on, are some of the types of data commonly sold on the Dark Web for a profit.
Despite knowing that this “underworld” exists, it is difficult to investigate and penetrate the Dark Web. This is because many sites and forums on the Dark Web provide access to a very carefully selected group of users. Users may have to complete tasks given by the administrators or, in some cases, be required to have had committed crimes! The sites are also hosted on “bullet proof” servers that are not easily accessible. These features, coupled with the technical know-how of accessing the Dark Web, ensure that it maintains its secrecy and the anonymity of its users.
The existence of the Dark Web provides a breeding ground for these cyber attackers. As the saying goes – prevention is better than cure. Instead of negotiating for the return of the stolen data, or waiting for long-drawn legal battles or investigations, organisations and individuals should be vigilant with how their data is stored and used by anyone who comes in contact with it. Read the next article in this series to learn more about the top 10 gaps in cybersecurity and how you can avoid being a victim.
Learn how criminals use the dark web, the myriad exposures it creates and why it’s important for organiations of all sizes to understand this digital underworld.
© 2022 Chubb. All rights reserved.
No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.
Disclaimer - All contents of this article are intended for general information/guidance purposes only and not intended to be an offer or solicitation of insurance products or personal advice or a recommendation to any individual or business of any product or service. This article should not be relied on for legal advice or policy coverage and cannot be viewed as a substitute to obtaining proper legal or other professional advice, or for reading the policy documents. You should read the policy documents to determine whether any of the insurance product(s) discussed are right for you or your business, noting different limits, exclusions, terms and conditions apply in each country or territory, and not all cover is available in all countries or territories.
Contact us to find out how we can help you get covered against potential risks