The “Dark Web” and Insider Threats to Data Security

We’ve written before about how employees are often the weakest link in data security.

Most data breaches involving employees are cases where the employee was either ignorant or careless. Employees are often lazy with passwords (choosing simple ones, reusing passwords, etc.). They may not realize that plugging a USB stick into a computer to watch a pirated video could lead to a malware infection. They may fall victim to a phishing attack (no, your iTunes account has NOT been suspended because of a problem with your credit card).

But there’s a much more sinister problem that’s becoming increasingly common.

A report just out from RedOwl and IntSights highlights how cybercriminals are using the Dark Web to recruit employees to become “rogue insiders.”

The “Dark Web” is a corner of the internet that you can’t explore with Google, and that you can’t explore without being encrypted and anonymous. It exists between an anonymizing service, Tor, and its servers and clients.

There are legitimate uses for Tor, such as protecting the anonymity of human rights activists who live in countries with repressive regimes. But the combination of anonymity and concealing of one’s physical location also makes Tor and the Dark Web very popular with criminals.

Many corporations with high-value assets accessible online – such as financial institutions – have gotten pretty good at making it unlikely that garden-variety carelessness can lead to a major data security breach. But as businesses get more sophisticated, the bad guys get more sophisticated too. Many cybercriminals have been turning to the Dark Web to recruit employees who have access to corporate networks to plant malware.

In some cases, they can recruit disgruntled employees who are angry over some perceived slight, whether it’s being passed over for a promotion, a bad performance review, or an abusive boss. In other cases, the motivation is straight-up financial: a cut of the proceeds for defrauding the employer. Whatever the employee’s motives, once a “trusted insider” has gone bad, protecting your online assets becomes much more difficult.

Most companies spend the vast majority of their cybersecurity budget on “perimeter defenses,” making it difficult for outside hackers to break into the network. The increasing recruitment of insiders means companies need to start focusing more attention on stopping and catching a malicious actor who’s working within the corporate firewall.

The best way to slow down insider threats would be to protect your network from malware and have a setup that makes any activity within the network traceable, such as with PACid’s Bolt-on Strong Security (BoSS). Employees can’t give away the keys to the store if they don’t have the keys in the first place.