Many businesses do not think much about the Dark Web, a shadowy area of the Internet that can be accessed only via special software like Tor and which does not appear in indexes of traditional search engines like Google. It is perhaps best known as the home of the Silk Road, a website called "the cyber underworld's largest black market" before the FBI shut it down in 2013.
But not thinking about the Dark Web is a mistake, said Stephen Arnold, a technology and financial analyst.
Arnold said he knew of a company with fewer than 100 employees where a tech-savvy employee used company servers to host a site on the Dark Web, unknown to his managers or colleagues. Some 70 percent of Dark Web activity runs on servers in the continental U.S., he said, which makes it likely that "rogue" employees of other U.S. companies are using corporate technology assets to facilitate activity such as the sale of illegal drugs, weapons or pornography.
Hackers also increasingly use the Dark Web to buy, sell and trade information, which makes it a tempting avenue for internal bad actors to try to sell high-value corporate data such as bank account information, Arnold said. Because of this, he added, companies need "a security approach that monitors behavior of employees and proactively delivers active intelligence."
According to a recent survey of information security professionals, only 21 percent of respondents said they continuously monitor behavior of insiders, with 26 percent monitoring access logging only and 14 percent doing so only after an incident is flagged by forensic analysis.
Many security professionals rely on approaches they have used for a decade or more and pay scant attention to newer technologies, Arnold said. "If a security manager has a plan to update firmware and applications and has signed up to get alerts from organizations reporting vulnerabilities, it may be difficult to convince that manager that he needs next generation technologies."
He mentioned a threat intelligence solution from a company called Recorded Future as an example of a newer technology that can help proactively flag suspicious activity. Recorded Future's technology automatically searches the entire Web – including the Dark Web -- for Tor activity and cross-references it with other information to root out emerging threats.
"Until security professionals break out of the 'not invented here' or 'I only do what I know' syndromes, it will remain trivial to exploit systems," Arnold said.