Cybersecurity is in the spotlight more than ever before. As businesses pivoted to widespread remote work, employees relocated into their home offices using dicey Wi-Fi networks and suddenly played a role in protecting the company network. While the threat to our professional data network is now widely understood and for the most part employees are playing their part in preventing confidential information from falling into the wrong hands, there are also grave risks to our personal data being exposed, says Barry McMahon, senior manager of identity and access management at LastPass.
The internet is embedded into our everyday lives, and we couldn’t imagine life without it. It’s something we now take for granted. However, now we feel comfortable there and safe. That’s when mistakes happen. The internet is not a safe place, but the biggest threat in the online world? Data breaches.
The pandemic ushered consumers across the country online, and where all our information is easily available to hackers. This is especially true when the greatest risk is the human element. Just last year, 80% of data breaches were a result of weak passwords and 92% of Brits admitted to reusing passwords. Some of this comes down to lack of understanding, but there is also an added layer of desensitisation where consumers lack awareness of the real risks posed by hackers. We wouldn’t leave our homes unlocked for thieves to come and steal our physical belongings. Our data online is no different. So, what is the dark web and why should we be concerned?
Exposing the dark web
The dark web consists of the parts of the internet which cannot be accessed through search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records. It’s a scary prospect, and many may feel these things will never happen to them, until they do.
Most people don’t really understand the true extent of the dark web, with estimates that it ranges from 0.005% to 96% of the entire world wide web. That said, a 2019 study from the University of Surrey revealed that almost two-thirds (60%) of listings on the dark web had the potential to harm enterprises. While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should be treating the location and accessibility of their data with the caution it deserves.
Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.
Are people concerned?
Recent research has found that UK consumers are becoming less and less concerned about the use of their data. In 2018, 47% said they were ‘very concerned’, two years later and this number dropped to 24%. It is clear our attitudes towards online safety are diminishing, and the impending threat to our data is at stake. Our new research found that 83% would not know whether their information was compromised on the dark web, while over a third (36%) haven’t changed security habits as they believe their account accounts aren’t valuable enough for hackers. Are we becoming desensitised to the dangers of the internet, as it becomes more and more ingrained in our lives?
Educating individuals is key to protecting company and personal data. Many are oblivious to the dangers and therefore do not implement protection strategies. If only we took the same level of care for our online presence that we did for our physical then our cyber spaces would be much safer and more secure and much less risks would get into the hands of cyber-criminals.
Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.
Be mindful, be vigilant
Cybersecurity is a major concern in both our professional and personal lives. While detection is important, it’s only the beginning and awareness alongside education are fundamental parts of the puzzle. We know the human element is the weakest link in the security chain, but it’s easily solved by updating default security setting and changing passwords regularly across platforms. The onus is also on employers to ensure security awareness takes precedence across the business so confidential data can be kept safe. Memorising passwords is becoming, and should already be, a thing of the past. Companies, as well as individuals, need a robust strategy for protecting their data, that does not depend on the unreliability of human memory. The tools already exist to adequately protect ourselves, it just takes education to be able to implement the strategies effectively.
Security will never be a one-stop shop and it’s up to us all to ensure it is top of everyone’s minds. Cyber-attacks are growing in sophistication and quantity and as remote work is here to stay, the associated security challenges remain. The dark web hosts thousands of exposed credentials for sale and therefore it’s more important than ever that we focus on our cybersecurity. Using randomly generated passwords across different accounts, and investing in solutions with built-in privacy features is a good starting point. By implementing these measures, safety and security can be withheld so we can all stay safe from the threats of the online world.
The author is Barry McMahon, senior manager of identity and access management at LastPass.
Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus
