In today’s digitized and networked world, data breaches and cyber-attacks have become fairly common among individuals, businesses and government agencies. In the U.S., nearly 179 million records were compromised in 2017, and the number of data breaches in the country reached 1,579 that same year.
One of the common causes of data breaches is a stolen, default or weak password. In fact, the 2017 Verizon Data Breach Investigations Report (DBIR) revealed that the number of data breaches involving stolen or weak passwords jumped from 50 percent to 66 percent to 81 percent over the last three years.
Because digital credentials such as passwords and usernames are the easiest way to gain access to an organization’s business data, they are among the most valuable assets found on the Dark Web. Companies that have had their confidential information exposed and sold on the Dark Web are unaware of it until they have been notified by a law enforcement agency. According to a Verizon study, 93 percent of data breaches took only minutes or less, but companies took weeks or more to discover the breach.
What Is the Dark Web?
The Dark Web is a part of the World Wide Web that is not searchable or indexed by common search engines. Contents in the Dark Web are only accessible by means of special software, allowing users and website owners to remain untraceable or anonymous.
The Dark Web has earned a connotation as a sort of huge black market because it’s usually associated with a host of illegal activities, including the buying and selling of illicit goods. Because there’s total anonymity on the Dark Web, criminals not only trade passwords and usernames but also stolen credit card numbers, counterfeit money, hacked software and subscription credentials, and more.
That said, not everything on the Dark Web is illegal. It also has a legitimate side, such as websites for companies and political parties and forums for chatting about privacy, games, and technology.
How Do Usernames and Account Passwords Get Compromised?
In 2017, a reputable security research firm revealed that there are about 1.4 billion stolen passwords and usernames on the Dark Web, giving even the most inexperienced hackers a shot at your online accounts.
Having a weak password is one of the main reasons why digital accounts end up on the Dark Web. Using weak login credentials makes it easy for hackers to guess and gain access to your online accounts. Another reason is reusing a password for multiple accounts. Imagine that one of your employees' personal accounts gets hacked, and that employee uses the same credentials for their work email. Because the hacker now has a backdoor into your company, he can easily sneak malware onto your network or try to penetrate deeper to access your financial or employee records.
How Does the Dark Web Induce Fear and Impact Business?
Two groups of people benefit from the Dark Web: the hackers who use it to sell illegal goods or blackmail victims, and the companies that offer to track them on behalf of private clients. Both are now established trades, and both cash in on people’s fear. Hackers not only buy and sell stolen digital credentials and illegal goods but also extort money from you.
On the other hand, companies make money by alerting you that your personal information is on the Dark Web and trying to sell you their monitoring or protection services. For instance, tech companies search your domain and send you a few passwords to get their foot in the door.
Tips on Creating a Password Policy for Your Organization
A password policy is a set of rules that improves computer security by encouraging users to create secure passwords and then store and use them properly. Some of the password policies that every system administrator should implement include the Enforce Password policy, which will set how often an old password can be reused; the Maximum Password Age policy, which determines how long users should keep a password before they can change it; and the Minimum Password Length policy, which sets the minimum password length to at least eight characters.
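One way an administrator could check a Windows host against the three policies named above, shown as an added example that is not part of the original article. It parses the output of the built-in `net accounts` command; the sample output is constructed, and the history and maximum-age thresholds are assumptions (only the eight-character minimum comes from the article).

```python
import re

# Thresholds: the 8-character minimum is the article's; the history count and
# maximum-age limits are assumptions chosen for illustration.
MIN_LENGTH = 8
MIN_HISTORY = 5        # assumed
MAX_AGE_DAYS = 365     # assumed

# Constructed sample of Windows `net accounts` output (not from a real host).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              6
Length of password history maintained:                None
Lockout threshold:                                    Never
The command completed successfully.
"""

def parse_net_accounts(text):
    """Return {setting: int or None}; None means unset (None/Never/Unlimited)."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s+(\S.*)$", line)
        if not m:
            continue  # e.g. the trailing "command completed" line
        value = m.group(2).strip()
        settings[m.group(1).strip()] = int(value) if value.isdigit() else None
    return settings

def audit(settings):
    """Return findings for the three policies named in the article."""
    findings = []
    length = settings.get("Minimum password length")
    if length is None or length < MIN_LENGTH:
        findings.append(f"Minimum password length is {length}, below {MIN_LENGTH}")
    history = settings.get("Length of password history maintained")
    if history is None or history < MIN_HISTORY:
        findings.append(f"Password history is {history}, below {MIN_HISTORY}")
    max_age = settings.get("Maximum password age (days)")
    if max_age is None or max_age > MAX_AGE_DAYS:
        findings.append(f"Maximum password age is {max_age}, limit {MAX_AGE_DAYS} days")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_net_accounts(SAMPLE)):
        print("WEAK:", finding)
```

A missing or unset value is reported as a finding rather than skipped, so a host with no password policy at all does not pass silently.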
Use a Password Manager Program such as LastPass
Passwords are paramount to online security. Even though it’s difficult to keep track of multiple passwords, you should never use the same user credentials for multiple accounts. Instead, use a password vault to keep them all safely in one place, locked by a single password that can be a lot more complicated and therefore less likely to be compromised.
Consider using a Network Monitoring Service
A network security monitoring service identifies, analyzes and proactively monitors for your company’s compromised or stolen employee or customer records. It scours the most secretive corners of the internet to catch compromised digital credentials associated with your company and alerts you immediately when these critical assets are exposed, before they’re used for data breaches, theft or other crimes.
Digital credentials such as passwords and usernames connect you and your employees to critical business applications, and because criminals know this, they are among the most valuable assets floating around the Dark Web. To secure your digital assets 24/7, you need visibility and the threat intelligence to stay on top of the hacker underground. Let DWD Technology Group’s experienced network engineers help you protect your employees and your business. Get a consultation today!