'Tis the Season for Cybersecurity Risks
With the hustle and bustle of the holiday season in full gear, consumers and retailers need to be especially careful. Holiday sales and discounted prices on goods mean more transactions. More transactions mean more opportunities for cyber criminals to access potentially sensitive information. Consumers and retailers that understand the types of holiday risks they may be facing and how stolen information is being used may be able to avoid getting wrapped up in a scam.
Stolen Information and the Dark Web
Sensitive information has been shown to be valuable on the so-called Dark Web, though the abundance of stolen information available has knocked the price point down a bit. More than 145 million people had their sensitive information stolen over the summer in the breach of the credit rating agency Equifax. Individuals potentially affected by the breach may need to keep monitoring their activity, because the breach is only the starting point for the marketplace in stolen data.
The internet has several layers to it. Browsers that come installed on internet-ready devices take users to the top layer, the Surface Web. The Surface Web’s pages can be easily accessed and found through search engines.
There is also the Deep Web, which includes content that is basically hidden but accessible through a standard internet connection. Typically this data belongs to a company and includes proprietary information, such as personal email or data archives.
Finally, there’s the Dark Web, which is essentially a black market whose pages look and work much like Surface Web pages. Users need specific software and browsers, such as Tor, in order to access Dark Web pages. Websites on the Dark Web are harder to track, so they’ve become a haven for the buying and selling of illegal products. The amount of technology involved in getting to the Dark Web also makes it popular with cyber criminals, who use it to sell malware or other hacking “guides.”
Personal information obtained in a breach could end up in a Dark Web marketplace, packaged with the information from other breach victims. Personal data sets are then sold to the highest bidder. Once the buyer obtains the personal information, he or she could use the credit card numbers or whatever else was compromised to place online orders of merchandise or make other illicit purchases.
How Businesses Can Protect Themselves from the Dark Web
Businesses that conduct a significant amount of business online or that have data that may be particularly appealing to cyber criminals should brush up on Dark Web trends and what seems to be selling well on underground channels. For example, information collected by the National Security Administration was leaked onto the Dark Web in early 2017, and some of that information on known system vulnerabilities was used as part of the WannaCry incident.
Organizations and their information security teams will also want to monitor the methods used in large-scale attacks to ensure their systems and processes are capable of addressing that type of intrusion. Security and software patches are essential, as is ongoing staff awareness training.
How Individuals Can Protect Themselves from the Dark Web
Now, more than ever, individuals need to be vigilant about monitoring their online purchases and bank statements. They should report any suspicious credit or debit card activity to their bank right away to try to stop fraudulent purchases from going through.
Individuals should also be aware that the standard cyber risks are going to be at an all-time high, too. Cyber attacks may be getting more sophisticated, but phishing emails are as common as ever. During the holiday shopping season, these phishing emails may be touting deep discounts on name-brand items. The Department of Homeland Security recommends hovering over hyperlinks before you click anything to make sure you recognize the URL first. Messaging in phishing emails also tends to be urgent, and it may sound too good to be true.
Any suspicious emails should be reported to the FBI’s Internet Crime Complaint Center, local police and the Federal Trade Commission.
The holiday season is no time to let your guard down when it comes to cyber risks. Businesses and consumers that are in tune with cyber attacks and cybersecurity trends may be able to avoid the season’s greatest cyber risks.
Ray Gandy is a Director and Leader of the IT Risk and Security Practice in New England. For additional information, you can reach Ray directly by email (or 617.761.0722), or contact your local CBIZ MHM professional.