Communicators: Your next crisis will come from the Dark Web
Due to the increasing popularity of interconnected new technologies such as Internet of Things (IoT) as well as the use of social media and other digital communication technologies at large, organisations are now more vulnerable to communication crises than ever. In 2017, the Institute for Crisis Management recorded a total of 801,620 crises, a whopping 25% increase within just 12 months. Risk levels for companies have risen overall, with cybersecurity being the world’s third most likely risk factor for organisations in the next decade. Cybercrime activities can include ransomware attacks, phishing or malware and many others.
The thriving black market on the Dark Web plays an important role in contributing to the growth in cybercrime worldwide. And the numbers don’t lie: 230,000 new malware samples are produced every day and, both, McAfee and Symantec estimate that the global cost of cybercrime to be anything from $113 to $575 billion per year.
So who’s at risk from Dark Web attacks? Is it possible for organisations to preempt such attacks? And how should communicators respond if an incident actually turns into a crisis? Read on to find out.
Trend: Dark Web use is expected to grow
When you do a Google search, it might feel as though you have access to the entire internet – but that’s far from the truth. In reality, the content that’s indexed by search engines represents a mere 4% of the Internet; the remaining 96% that’s unindexed is called the Deep Web.
To further unpack this, there’s a portion of the Deep Web that’s hidden for legitimate purposes (for instance, corporate intranets and media streaming services) and there’s a portion that’s intentionally concealed for unlawful purposes dubbed the Dark Web. This is the place where criminals organise attacks, offer stolen intellectual property, personal data such as financial records and counterfeit goods for sale. To top it off, there are quite a few terrorism-related activities taking place there.
Read our earlier blog post on what PR pros need to know about the Dark Web.
Moving into 2019, experts predict that we’ll see the rise and fall of niche markets as well as the emergence of new markets within the Dark Web. Seeing as how cybersecurity firms and even law enforcement personnel have successfully traced Bitcoin back to Dark Web users in 2018, it’s also likely that those on the Dark Web will start using alternative forms of cryptocurrency, instead of sticking to Bitcoin – not at least as Bitcoin is now also seen as hackable.
We’ll also see a surge in the number of people using the Dark Web. On the demand side, more individuals (especially those in countries with high levels of censorship) are fighting for their privacy. And on the supply side, Tor recently launched an alpha version of their browser for Android users. Once Tor’s stable version of their Android browser is released, this will open the floodgates and make the Dark Web more accessible to hundreds of millions of people from across the world – for both, good and bad purposes.
Who’s at risk of Dark Web attacks?
Here’s what we know: in the second half of 2018, cybercriminals who launched Dark Web attacks using malware started targeting organisations over individuals. The rationale behind this? Businesses have more to lose and launching attacks on these promises cybercriminals a better pay-off.
Now that we know that businesses are at higher risk, let’s do a deep dive into what types of businesses are most vulnerable. Threat intelligence firm OWL Cybersecurity recently ranked all members of the Fortune 500 based on their darknet footprint and here’s what they found: while every single one of the Fortune 500 company is exposed, technology and telecommunications companies are most often targeted by threat actors.
If you aren’t in the technology or telecommunications industry, does that mean you can breathe a sigh of relief? Unfortunately, that’s a no. As RepKnight cybersecurity analyst Patrick Martin puts it: “Every business in every sector owns data that has the potential to make a nice profit on the Dark Web, which means that every industry sector is at risk”.
Dark web-induced crises: Examples and impact on reputation
In 2018, programmers of the Huazhu Hotels Group, managing over 3,800 hotels across 382 cities in China, accidentally uploaded copies of the client database to GitHub. A hacker immediately seized the more than 240 million records that were uploaded and started selling the data belonging to over 130 million individuals on a Chinese dark web forum.
Europe has experienced plenty of Dark Web crises as well – and not all them come from businesses. For instance: in 2018, a French police officer was charged and arrested for selling confidential data on the Dark Web in exchange for Bitcoin. It was reported that the officer sold sensitive files to cybercriminals and these used the files to create forged documents.
In 2018, Marriott came clean about how 500 million of their guests had their data exposed to hackers and offered for sale on the Dark Web. The incident resulted in a lot of media coverage and social mentions and impacted Marriott’s reputation extremely negatively as you can see below (credit: Adwired’s BrandTicker).
How can communicators prepare for a potential Dark Web crisis?
Internally, it’s crucial for organisations to track their data and secure their networks. All confidential information should be encrypted and information should only be shared on a need-to-know basis. Also, they should raise awareness for possible cyber threats and educate employees, partners, customers and other stakeholders.
Externally, communicators should remain vigilant and proactively monitor the Dark Web for mentions of their brand, products or spokespersons. There are tools that companies can use to monitor for mentions of their data outside their firewall; this allows businesses to become aware of emerging threats in real-time, instead of remaining clueless.
Dark Web Monitoring & Cyber Intelligence
Dark Web attacks are usually planned months or even years in advance. Uncovering potential cyber and physical security threats is not something that companies can do manually. Instead, communicators should use advanced monitoring technology, such as:
- MarkMonitor Dark Web and Cyber Intelligence
- IntSights Cyber Intelligence
- Cobwebs’ cyber monitoring tool
- Forensic Pathways’ dark web crawler
- Dashlane’s Dark Web monitoring tool
- Experian’s Dark Web Surveillance tool
- Webhose’s Dark Web Data Feed
Dos & Don’ts of managing a Dark Web induced crisis
Dark Web attacks and other cybercrimes are not only harmful and costly in terms of the data stolen – they are particularly threatening to a company’s reputation. Nearly two-thirds of organisations that were affected by an attack in the past say that restoring their reputation is even more difficult than regaining their employees’ trust.
Those fighting against a Dark Web induced crisis should, therefore, consider these best practices:
Do: Identify and resolve breaches asap
By taking a proactive approach, also using advanced technology, communicators can identify any breaches or attacks and should take actions to minimise damage as early as possible. Also, according to the GDPR, organisations which are aware of data breaches are required to inform regulators and impacted individuals of the breach within 72 hours – or they risk facing dire consequences and fines of up to 4% of their revenue.
Do: Communicate timely and transparently
Once you break the news to customers and external stakeholders, you should commit yourself to providing frequent updates to the public. If you have dark sites on standby – these are fully functional, pre-packaged websites that can replace or supplement an organisation’s main website – this would be the appropriate time to take the site live.
Do: Work to invalidate the data
According to experts, it’s hard to shut down the sale of personal data on the Dark Web by looking to get involved in a potential process between buyers and sellers. But what companies can do, instead, is to work to invalidate the goods (ie: the data). Once a breach has been found, companies should quickly act to change credentials and passwords to destroy the “product”. This will harm the reputation of the seller and indirectly damage the market for stolen data.
Do: Get support from law enforcement
Generally speaking, it doesn’t pay to try and take on the Dark Web alone. Instead, you’ll want to enlist the help of law enforcement and relevant associations. Make sure you share threat data with relevant agencies, who can pool together all their data and resources to increase their chances of catching the cybercriminals.
Don’t: Buying back all of your stolen data
According to Andrei Barysevich, a director with cyber threat intelligence firm Recorded Future, there are cases where organisations realise that their stolen data is being peddled on the Dark Web, then move to buy back that data.
Here’s their rationale: they might be flushing a few million dollars down the drain, as they think it’s worth it to NOT let the data fall into the hands of malicious actors. That said, Barysevich notes that this isn’t the right move. By purchasing the information, the company is essentially disturbing the balance and creating an even greater incentive for criminals to steal even more data thus creating a vicious circle.
Don’t: Fail to disclose your breach
In 2017, Uber revealed that it had paid hackers $100,000 in an attempt to conceal a 2016 data breach. Because they failed to disclose their breach immediately after the incident, the company was fined £385,000 by the UK’s Information Commissioner’s Office. In September 2018, Uber settled this case with the Federal Trade Commission for $148 million.
A final word on the Dark Web
The Dark Web might seem like risky territory, but it’s crucial for organisations and their communication teams to familiarise themselves with it and understand its going-ons. Constant vigilance is key here: in the unfortunate event that a data breach does hit your company, you’ll want to ensure that you discover it – and take action – in record time.