With cyber-attacks becoming the No. 1 risk to business, brands, operations and financials (source: SonicWall 2018 Cyber Threat Report), one may wonder what is the attacker doing with the data that he now possesses. The answer may just be the Dark Web.

In a webinar held in partnership with our cyber security partner, Paul Jackson, Kroll’s Asia Pacific Leader on Cyber Risk, shared that the Dark Web is, in fact, a broad term for a collection of sites which may look very much like the sites on the visible web that we are familiar with.

Paul Jackson likened the Internet to an iceberg with three layers of visibility.

The top layer, “Surface Web”, refers to websites that are accessible via a search engine such as this Chubb website that you are at now.

The second layer, “Deep Web” refers to the websites that contain proprietary data that is accessible to a selected group of people. Examples of this type of sites are a company’s intranet, subscription-based publication, and academic or government databases.

The deepest layer is the “Dark Web”. Websites in this layer can only be accessed via a Virtual Private Network (VPN). The visits to these websites are encrypted and the use of a VPN hides your identity, providing the much sought-after anonymity. As you can imagine, this is the “underworld of the Internet”. Stolen data from company networks, such as customer personal information, healthcare records and so on, are some of the types of data commonly sold on the Dark Web for a profit.

Despite knowing that this “underworld” exists, it is difficult to investigate and penetrate the Dark Web. This is because many sites and forums on the Dark Web provide access to a very carefully selected group of users. Users may have to complete tasks given by the administrators or, in some cases, be required to have had committed crimes! The sites are also hosted on “bullet proof” servers that are not easily accessible. These features, coupled with the technical know-how of accessing the Dark Web, ensure that it maintains its secrecy and the anonymity of its users.

The existence of the Dark Web provides a breeding ground for these cyber attackers. As the saying goes – prevention is better than cure. Instead of negotiating for the return of the stolen data, or waiting for long-drawn legal battles or investigations, organisations and individuals should be vigilant with how their data is stored and used by anyone who comes in contact with it. Read the next article in this series to learn more about the top 10 gaps in cybersecurity and how you can avoid being a victim.