If you're like me and have a knack for cyber security trends, you will find yourself having many sleepless nights. Our lives and data are on the internet for the taking, and the weakest link in finding compromised data is knowing it's been compromised in the first place. On a personal level, it's a frightening ordeal to say the least. On a business level, it could make or break your company if sensitive data is compromised in a data breach.
There are plenty of solutions out there that will monitor your network and help with perimeter defenses for personal use and business networks. However, even the most secure companies can find themselves falling victim to a cyber attack. The scariest part of this is that data can be compromised without anyone except for the cyber criminal knowing it.
Hackers are continuously finding ways to hide their tracks. A vast number of data breaches happen every day that go unnoticed, because hackers understand how to grab large amounts of data without triggering any alerts on suspicious activity. Even log files can be altered, sparking the emergence of tamper-evident logging.
How can we possibly understand the magnitude of unnoticed data breaches if they are "unnoticed"? It's quite the conundrum. But that does not mean they don't happen. Consider the fact that the Yahoo breach (one of the largest cyber attacks in history) took almost 2 years to unfold. Additionally, many breaches take more than 6 months to uncover. That is because hackers are good at hiding their tracks, and businesses usually don't know they've been breached until an outside source, such as a credit agency, brings it to the business's attention.
What is Deep Web Monitoring?
This is why deep web monitoring has been emerging as a new type of solution for IT security teams. Deep web monitoring (or dark web monitoring) isn't your mom and pop's identity protection service. Those services simply alert you when your PII (personally identifiable information) has been compromised in a "known" data breach. What about all the other breaches that go unnoticed? That's where deep web monitoring comes into play.
So what is deep web monitoring exactly? It's actually just like network monitoring, but instead of monitoring your network traffic and taking an outside-in approach to security, deep web monitoring searches the deepest crevices of the dark web (an inside-out approach) for data that has been compromised. Current deep web monitoring solutions come with some caveats, since the approach is still in its infancy. For example, finding a data set on the dark web that duplicates data you are safeguarding doesn't necessarily mean that the data was compromised from your business.
Ian’s Research states, “This is currently an under-served space by vendors because it’s a relatively new concern. Even many progressive, forward-leaning organizations have not yet focused on this issue, although some are starting to acknowledge it. Since there’s not much out there in terms of products and services, security organizations are having to cobble together a few different strategies to address this.”
Marking Data to Detect Illegal Activity
To increase the effectiveness of a deep web monitoring solution, IT security teams have actually placed a certain amount of fake PII on their business networks. It's similar to how police will mark dollar bills in order to catch mobsters and drug dealers conducting illegal activity. IT teams will deploy a specified amount of fake data in their systems in case a data breach happens to occur without notice. Then they can try to trace that fake data using deep web monitoring solutions. That fake data is essentially a "marked bill" that, if found on the deep web, proves that a breach has actually occurred.
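The marked-bill idea above, sketched as an added example (it is not from the original article or any vendor's product): fake records carry a keyed marker per system, so a match in leaked text both proves the data came from you and shows which data store it left from. The key, domain, system names and sample dump are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumptions (constructed for this example): the key, the domain and the
# system names. The key is kept off the systems that hold the marked rows.
SECRET = b"constructed-demo-key"
DOMAIN = "canary.example"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def make_marked_record(system, n):
    """Build one fake PII row whose e-mail address is the 'marked bill'."""
    msg = f"{system}:{n}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]
    return {"name": f"Pat Doe {n}", "email": f"pat.doe.{tag}@{DOMAIN}"}


def build_index(systems, per_system):
    """Map every marker address back to the system it was seeded in."""
    return {
        make_marked_record(system, n)["email"]: system
        for system in systems
        for n in range(per_system)
    }


def scan_dump(text, index):
    """Return {system: sorted markers} for marked addresses found in text."""
    hits = {}
    for addr in EMAIL_RE.findall(text):
        system = index.get(addr.lower())
        if system is not None:
            hits.setdefault(system, set()).add(addr.lower())
    return {system: sorted(found) for system, found in hits.items()}


if __name__ == "__main__":
    index = build_index(["crm", "billing"], per_system=3)
    marker = make_marked_record("billing", 1)["email"]
    # Constructed sample of leaked text: one real-looking row, one marked row.
    dump = f"jane@customer.example,555-0100\n{marker.upper()},555-0199\n"
    print(scan_dump(dump, index))
```

Because the markers are derived from the key, the index can be rebuilt on the monitoring side without storing a list of fake records next to the real data.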
Since this type of security solution requires scouring the dark web and processing a vast amount of data, automation and eventually AI will have to play a much bigger role in the deep web monitoring business. Only time will tell when this becomes a mainstream form of data breach detection. But we live in a world where our data is constantly under attack. Obviously plugging the holes in your network and increasing perimeter defense will help, but deep web monitoring may be the next progression in detecting a data breach.