Dark Web Breaches Can Affect Your Compliance With GDPR

April 20, 2018

The “Dark Web” is a portion of the Internet that cannot be found using traditional search engine programs, which has made it into a hub for illegal black market transactions. These include illicit items that can be bought and sold physically, as well as digital items such as ransomware and other malicious software. The Dark Web is also a place where individuals can buy and sell corporate data, often obtained illegally through network breaches. There have been a few instances where information acquired in high-profile hacks, such as the Uber breach last year, was found being sold on the Dark Web.

Though not all data breaches may be inherently linked to the Dark Web, its status as the inevitable marketplace for the information mined in such attacks means that it is irrevocably tied to modern cybersecurity concerns. Because by definition it cannot be indexed by search engines, the Dark Web represents a blind spot in cyber defense. Data being sold there will not be discoverable through standard means, which may allow breaches to go unnoticed for some time.

This can become a complicating factor in establishing compliance with the European Union’s upcoming General Data Protection Regulation (GDPR), which mandates a complete redefinition of what constitutes personal information. It establishes that any data that can be used to identify an individual will become their personal property and that organizations must make every effort to inform EU citizens if they intend to collect such information from them. Another key provision of the new law stipulates that companies must immediately alert anyone whose data they store of a suspected breach.

Once data appears on the Dark Web, it may be ruled as visible under the GDPR and be grounds for penalization. As data grows in value, attempted cybersecurity breaches for the sake of mining sensitive information will only increase. Many networks have several loopholes that can be exploited quietly by hackers using techniques such as phishing. Your data can be stolen without any major signs that a breach occurred.

Maintaining compliance with the GDPR means not only taking every measure to secure your network, but also proactively determining whether you may have ever been the victim of a data breach. Contact us to learn more about our Dark Web ID scan, which may help you discover if any of your information is out there on the Dark Web.