Dark Web, How Does it Impact Small Businesses?

Dark Web is a term that has surfaced in recent years in connection to cybercrime and cyber security.  Identity theft is an unfortunate occurrence that is all too familiar with most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals; a place known as the Dark Web.  An article on Lexology explores what the Dark Web is, what information is available for purchase there and how it impacts small businesses.

What is the Dark Web?

The Dark Web, which is not accessible through traditional search engines is often associated with a place used for illegal criminal activity. While cybercriminals tend to use the Dark Web as a place to buy and sell stolen information, there are also sites within it that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.

What is for sale on the Dark Web?

Information sold on the Dark Web varies, and includes items such as stolen credit cards, stolen account information from financial institutions, forged real-estate documents, stolen credentials and compromised medical records. Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.

What is stolen personal information used for?

When stolen information is obtained by criminals, it can be used for countless activities like securing credit, mortgages, loans and tax refunds. It is also possible that a criminal could create a “synthetic identity” using stolen information and combining it with fictitious information, thus creating a new, difficult to discover identity.

Why are stolen credentials so valuable? 

Stolen user names and passwords are becoming increasing popular among cybercriminals, but why? Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those user names and passwords. The idea here is that many individuals have poor password practices and are using the same user name and password across various accounts, including business account such as banking and eCommerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and business-horizons. 

Why should small businesses be concerned about the Dark Web?

Since the Dark Web is a marketplace for stolen data, most personal information stolen from small businesses will end up there, creating major cause for concern. With the media so often publicizing large- scale corporate data breaches, small businesses often think they are not a target for cybercriminals, however that is not the case. Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrime.

At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company who suffered a data breach that was not reported to the media. The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.

How can you reduce the risk for your small business?

To reduce the risks of a cybercriminal gaining access to your company’s information/network, you must ensure you have proper security measures in place. The FTC has a webpage that can assist with security options for businesses of any size.  In addition, it is crucial that your employees are properly trained on security, including appropriate password practices. There is also talk of a government-led cyberthreat sharing program which would help enhance security across all industries by sharing cyberthreat data.


Two men hunting

Your network security guy is a little bit like your hunting partner

We know that it sounds like a bit of stretch, but it really isn’t. How you choose a network security consultant is similar to how you choose your hunting partner. Throughout our time in the security industry and our experience as hunters, we’ve noticed a few similarities between our love of the hunt and our passion for protecting your network.

A good hunting partner, like a good security consultant, is always prepared. If you’re a hunter, you know you need to be ready when your prey appears. You might only have one shot. To be prepared to accurately hit your target, you’ve had months or even years of training to use your scope, your gun, and your surroundings to create a favorable outcome. Your security consultant should have similar skills. A ready consultant will have years of experience and training behind them. Your consultant should be aware of the technical landscape of your industry and the threats present. Similarly to experienced hunters, they’ll be able to troubleshoot when things go wrong and are aware of how to execute when things perform correctly. A prepared hunting partner will understand the terrain they’ll be traversing. A security consultant should prepare a technology roadmap to accomplish your business goals, as well.

To adequately protect your network, your security consultant needs your confidence. So does your hunting partner. If you’re in a blind, staring intently towards moving wildlife, chances are you have a lot of faith in the guy (or girl) with a loaded weapon sitting next to you. A compromised network can come with some pretty hefty damages, so choosing the right IT partner can be one of the most important business decisions you make. You’re entrusting your livelihood to another individual whether you’re in a blind or in the office, security strategizing.

Hunting can be a tedious hobby. You can have all the training and all the tools to tackle your prey, but Bambi might not show up. Likewise, you might have 10 layers of protection in place and never experience a cyber threat. The idea is that you’re ready to defend when necessary, not that you’re actively “looking for trouble.” Like hunting, you never know when the cyber attack will actually occur. You can only be prepared for it when it does happen. This takes a lot of patience, but that patience pays off in the end. A security consultant’s job is to be ready, and your hunting partner’s job is to be ready.

When you choose who to take on that get-out-of-the-house-and-make-some-deer-jerky hunt, you’re looking for a person you can trust- a person who you know to be dependable and prepared. You’re looking for the same in a security consultant. At Cognoscape, we’ve had quite a few successful hunts, and we’re even better at protecting your network. Give us a call to discuss scopes, security, and strategy.


3 Signs You Need An IT Security Consultant

If you’re reading this, odds are you’ve realized you might need some help with your IT security. Here’s the thing about IT security, online threats are oftentimes more subtle than physical threats. They can be silent and unassuming. With that in mind, here are 3 signs that you need an IT consultant.

1. The numbers and statistics say it’s time.

SecurityIntelligence.com breaks down the cyber crime numbers over the past few years… and they are staggering. As of November 2016, over “50 percent of small and mid-sized organizations reported suffering at least one cyberattack in the last 12 months.” Further, the average cost of one of those attacks to a small to mid-sized business involving assets totaled $879,582. Those businesses went on to spend another $955,429 to get their business functional again so that they could continue to run at a normal level. Think about that for a second. One attack on your assets can cost you close to 1.7 million dollars.

Additionally, it’s been shown that over 60% of businesses that were hit by a cyber attack closed within 6 months after the attack. Whether it be the cost or the damage in total, when you are attacked and aren’t protected, there’s a good chance that you’re either going to be damaged severely, or your business will close altogether.

2. Your employees don’t regularly update their applications.

Did you know that 95% of all cyber attacks are caused by human error? SecurityIntelligence.com has been following this trend for years. It’s not unlikely you or someone in your office will unintentionally facilitate a cyber attack on your business.

We know that you don’t have the time to worry about your network security when you’re busy running your business, but that doesn’t mean that it should be left unchecked. According to the Verizon Data Breach Investigations report, “Most (cyber) attacks exploit known vulnerabilities that have never been patched despite patches being available for months, or even years.” That means that when it’s inconvenient to update your applications, you’re leaving the door wide open for cyber criminals to walk in and attack your network.

If you aren’t aware as to whether or not everything has been updated in your office, you could be vulnerable. An IT security consultant ensures everything is up to date and running at peak security levels so your network is protected.

3. Your business is growing

That’s right, the final sign that you need an IT security consultant is that your business is growing. While you’re running the day to day operations of your thriving business, the target on your network is growing.

Hackers know that as your business grows, there is more money and information to steal. Your success is a beacon to criminals who are willing to exploit your hard work. With an IT security consultant in place, you will be able to rest easy knowing that the attention your business gets will not bring about successful attacks from cyber criminals.

To learn how we can protect your business, reach out to one of our experts, today.

Father and son hunting

The Similarities Between Hunting and Cybersecurity

We know what you’re thinking. What similarities exist between hunting and cybersecurity?” As an organization focused on cybersecurity who just happens to know a lot of very avid hunters, we’re here to tell you that the two are incredibly similar in many ways.

The first similarity between hunting and cyber security is that to be good at both, you’re going to need a map. In hunting, you’ll use a map to get you to the perfect place to find deer, ducks, or whatever game you may be looking for. From there, you’ll need a plan as to what exactly to do once you get there.

It’s the same in cybersecurity. When looking at your network and how it functions for your business, you’ll need a specified road map, one that outlines exactly where all the trouble spots may or may not be and exactly what to do with those areas.

The second similarity between hunting and cybersecurity is that both are “hurry up and wait” scenarios. When you go on a hunt, you prepare as much as possible for the moment when you need to fire on your prey. It takes hours of preparation including the finding right tools and location in addition to studying what you may be up against. Finally, after all those hours of preparation, you go into the field and wait… sometimes hours for your prey to finally come along so that you can take your shot. Cybersecurity is the exact same thing.

In cybersecurity, you or your managed service provider study the lay of the land with your systems and networks and prepare all the proper tools, find the right location and build up a lot of knowledge to know what you might be up against. All of this is done so that you can be prepared for when something bad may or may not come alone. Whether it be a hacker, a virus, or any other potential threat, cybersecurity, like hunting, is a get prepared, hurry up and wait game.

The third and final similarity between hunting and cybersecurity is both require a lot of experience and training to become proficient. In hunting, you can prepare and have the right equipment, but still miss your prey. It takes practice and real world experience to be good at hunting. The same is true of cybersecurity.

We at Cognoscape have years upon years of the training and experience necessary to protect your company from any potential cybersecurity threats. We have seen it all throughout our years of working in the community and know how to be perfectly on target when your business comes under attack. Trust us with your cybersecurity needs.