Business and the dark web

The internet has made a sea change in the way we do business, bringing with it unprecedented opportunities; its presence is all-encompassing – it is present in every platform a business uses from communication, reporting, and marketing to trading, production, and innovation and everything in between. Like any good thing, the pervasive use of and reliance on the internet also brings with it some major risks and it is imperative that businesses prepare themselves by, at the very least, brushing up their knowledge on the worst of those threats. Getting to know the dark web is a good place to start.

Originally meant to protect US spies, and then used to protect the identities of dissidents, activists, and whistle-blowers from oppressive regimes, the dark web is a veiled part of the deep web (as opposed to the surface web that we use on a daily basis). The dark web is not accessible to normal surfers; it is shrouded in layers of encryption and can only be accessed through specialised tools, the most popular being TOR (short for “The Onion Router” named for the multiple layers of privacy involved). The anonymity and lack of traceability of the dark web has made it a haven for nefarious and criminal activity.

The dark web today is estimated to be a $ 1 billion illicit marketplace where one can access anything from child pornography to stolen identities, and credit card and bank information; trade in drugs, arms, and counterfeit goods; organise political manipulation, or even pay to have someone assassinated. Hacking and technological crime services, including malware like viruses, worms, and Trojan horses, phishing and “hired hacking” in particular, can impact businesses anywhere in the world. The use of cryptocurrencies to pay for these services makes the entire system virtually impossible to track.

In context, the volume of transactions on the dark web is minute when compared to other subversive transactions globally. For example, the UN estimates money laundering in 2019 to be in the region of $ 2 to 4 trillion. However, what’s scary about the dark web is the depth and scope of criminal activity that it can facilitate.

Protecting a nation and an economy against the machinations of the dark web sits squarely in the realm of law enforcement and regulatory authorities. But it is equally important that businesses recognise the dark web for the potential it has to disrupt and exploit business; proactive action to stay alert, informed, and prepared is far better than reacting to a data breach or malware unleashed on your systems that could cripple business as you know it.

While mature organisations do take measures to strengthen their information security, even most of the largest companies in Sri Lanka don’t have cybersecurity experts on their payroll; most small business don’t even have the budgets needed to hire expert tech services that can help them monitor subversive activity and identify vulnerabilities in their systems. But businesses of any size can, and must, take at least a few rudimentary steps to safeguard themselves – including creating awareness among employees and having in place information security best practices, and having some idea of disaster recovery in the event of a compromise.

Information security must be seen as an investment and one that is a critical component for your business, going forward. As criminals evolve, and marketplaces like the dark web become more mature and vicious, the business community must also grow in how it uses its systems and manipulates its data to prevent disruption to itself and its stakeholders who may also be compromised.