We’ve all seen advertisements for the websites that offer to connect you with the professionals ready to help you with a specialized task around your home, from repair work to childcare to cleaning services. Unfortunately, cybercriminals have adopted a similar tactic to help market their services, leading to the creation of a sort of hackers’ gig economy on the Dark Web.
Let’s dig into what this is, and how you can minimize the risks it could pose to your business.
The gig economy is the environment that many find themselves operating in now, where part-time and temporary positions as an independent contractor are commonly used to supplement or replace the more traditional workplace as a source of income—where the “side hustle” is normalized. The Internet has greatly facilitated the development of this economy, particularly amongst younger workers in the cities.
The gig economy presents benefits to the workforce and to businesses alike. The workers have gained the means to enjoy their increasingly flexible lifestyle, while businesses can now take on resources as they are needed without the long-term (and often financially prohibitive) commitment an additional full-time hire would impose.
While the gig economy isn’t without its drawbacks, our focus here is primarily the concept that the Internet has allowed more people to find the opportunity to work in a non-traditional way… and businesses are certainly taking advantage of these capabilities as well.
Unfortunately, this doesn’t exclude cybercriminals—or, for that matter, the businesses who resort to hiring them—who do so by taking advantage of the Dark Web.
We’re aware that many people may not be familiar with the term “Dark Web” beyond the references to it they may have heard in news headlines. To bring you up to speed, let’s go over the basics of how the Internet itself is built:
The Internet has three parts:
This last point is why the Dark Web is so commonly associated with cybercriminal activity.
The anonymity of the Dark Web enables cybercriminals to use it as a means of selling their services without identifying themselves, hiding their identities and obscuring payments behind encryption. As a result, a new gig economy has risen on the Dark Web where cybercriminal acts can be bought and sold.
Let’s look at a hypothetical example of such a transaction:
Say for a moment that your business has someone who wishes ill upon it, whether that’s a competitor of yours, or a former client with a grudge, or even a former employee with an axe to grind. If they had the motivation and the know-how required to do so, this enemy could anonymously go on the Dark Web and hire a cybercriminal to attack your business in exchange for a sum of money.
There are entire forums on the Dark Web where hackers will offer their services for a price and potential clients seek out an attacker to carry out some misdeed. Crunching the numbers, these forums have seen over 80 million messages sent by more than eight million users, breaking down like this:
Of course, we should also mention that a hacker who has stolen data can find the Dark Web quite lucrative. A hacked database could potentially be sold for $20,000, every 1,000 entries netting them $50.
In fairness, the average small or even medium-sized business likely isn’t at much of a threat from such activities on the Dark Web… for now. As more and more people become aware of it and become familiar with the technologies needed to use it, the practical threat it poses will only grow.
That said, it isn’t as though it isn’t being used now to distribute stolen data and access credentials. Your data and information could very well be present on the Dark Web right now, for sale to any who might want it.
As time goes on, businesses will need to adopt safeguards and integrate them into their standard procedures:
If there is a vulnerability on your business’ network or exposing your data in some way, the safe assumption is that a cybercriminal will take advantage of it at some point. Keeping your security comprehensively updated will help to resist these attacks when they ultimately come.
Some threats, like phishing, rely on your team to miss them to take effect. By training your team to be able to identify and mitigate these attacks, you can help keep your business safe from these efforts.
Last—but certainly not least—you and your team need to keep all the best practices that will help protect your business against the threats that cybercriminals pose in mind, always. This will help to eliminate much of the opportunity that cybercriminals would otherwise have.
The team here at R&L IT & Telecom Consultants is here to assist you with all of this. To find out how, give us a call at (718) 685-2959 today.