Many companies are reluctant to monitor threats on the deep and dark webs. These are challenging, risky areas to navigate and to be present in. But you must not ignore them if you are to protect your people, assets and organisation.
Last year, our Protective Intelligence team came across an online user searching for the home address of a senior leader at one of our client organisations.
The individual’s language included terminology that we commonly see within far-right groups. We identified social media posts showing previous instances where they had visited senior executives’ homes; in our assessment, they had both the capability and intent to track down the senior executive.
Within 60 minutes of detecting the hostile actor, we issued a prioritised alert to our client, enabling the security team to protect the executive, his family and his property in a more robust manner.
Yet many companies may easily have missed this early warning sign – because it was posted on dark web forums.
Many organisations limit their threat-hunting to the open web because they do not have the resources or skillset necessary to navigate the deep and dark webs effectively or to manage the associated risks and security issues.
But these are also areas that no corporate security function can afford to ignore if it is to properly protect its people, assets and corporate reputation.
Here’s why.
Open vs Deep vs Dark
The open web, the one on which you are reading this piece, is anything indexed on a search engine like Google. But while it’s the one most people are most familiar with, it’s only a tiny portion of internet content.
The deep web is the layer beneath and makes up 96 to 99% of all web pages.
Most of us regularly use the deep web, which is also known as the ‘invisible web’, as it houses private material – for example, financial transactions protected by a login or subscriptions hidden behind a paywall.
But it’s also an attractive location for threat actors to exchange information or congregate.
The dark web, meanwhile, consists of pages that have been intentionally hidden by their creators.
Why the size of the deep and dark webs poses a challenge…
So why do companies routinely ignore or underplay the deep and dark webs when monitoring threats? And why do some companies’ internal regulations or IT security deny access to these areas?
One reason is the sheer size of the deep and dark webs, which are estimated to be 500 times the size of the surface web.
Where do you start with such a colossal amount of information? Many in-house functions lack the tools, resources, time and expertise to navigate the unindexed underbelly of the web. The next step – sifting through the gathered information – is even more onerous given the huge volumes potentially collected.
And even if you can navigate these areas successfully, there are other concerns. The deep and dark webs are full of material that can be distressing to see, such as videos showing graphic, real-life violence. This can pose a psychological health risk for your staff if they are not properly supported.
There are physical risks to your IT systems to contend with; what if someone accidentally brings malware or spyware into your systems? This could happen if they’re not experts in operational security and don’t have a full awareness of the threats inherent in navigating deep and dark web spaces.
Finally, simply being present on the dark web could pose a reputational risk to your company. Many organisations do not want to be perceived as having a presence in dubious forums or having any contact with dangerous or nefarious individuals. Yet this could happen if a staff member does not know how to disguise their identity safely or inadvertently releases information that traces back to you.
…But it’s also why you cannot ignore it
Despite the risks, you simply cannot ignore the deep and dark webs if you are to protect your company adequately.
The key reason is the very one that leads many companies to shy away from these areas in the first place: the sheer breadth and depth of information held there.
You cannot consider yourself to be “monitoring” for threats when you are ignoring the vast majority of the Internet – the areas most likely to attract hostile and bad actors who are potentially a threat to you.
The second reason that the deep and dark webs are fertile ground to identify threats to your organisation is their lack of stringent moderation. Information stays put and conversations linger. Because of the assurance of anonymity, those conversations more readily display what hostile actors really mean, making it simpler to peer behind a comment and better understand intent, capability, or incitement to violent action.
A responsible approach to threat-hunting on the dark web
The deep and the dark webs are to be approached with caution – but not to be feared.
With the right tools and skills to navigate these areas efficiently; with strict policies and procedures to protect your team and your organisation; and with the resources to analyse the data collected and turn it into useful, actionable intelligence that aids decision-making, your company can include the deep and dark webs in its threat-hunting.
You can read about the five pillars to monitoring the deep and dark webs safely and ethically here.
However, many companies prefer to outsource this responsibility to a company like Dragonfly, which has all the necessary systems in place to identify threats to your organisation on the deep and dark webs swiftly, without compromising the safety of your people, IT systems or corporate reputation.
Protective Intelligence is a bespoke, human-led solution that delivers actionable assessments that help you understand and mitigate your specific threat landscape.
Critically, our work is not confined to the open web. We monitor the deep and dark webs as well, using specialist software that can continuously scan dark web pages, forums and apps even if they are not indexed.
We operate according to strict guidelines outlining where we can visit and how we can represent ourselves in order to ensure that our work is safe, secure and controlled. Our efforts are also air-gapped, with a full set of protections in place to minimise the possibility that they will ever be traced back to your organisation.
Finally, our Protective Intelligence specialists not only receive training to deal with potentially disturbing material they may be exposed to online, but also regular counselling sessions to protect their mental health. Utmost care is taken to safeguard everyone involved.
The result is that we can identify serious threats that would otherwise go unnoticed until far too late – like the individual searching for our client’s home address – providing corporate security teams with an early warning so that they can take proactive action.
To find out more about how Protective Intelligence can help your company monitor, identify and assess threats on the deep and dark webs, get in touch with our specialists today.
Image: Person scuba diving around the Northern Mariana Islands. Photo by Hoiseung Jung/EyeEm via Getty Images.