The dark web advantage: Can you beat the hackers at their own game?
Consistent with the risk outlook of at least the past 10 years, it is almost certain that cyberattacks will grow even more aggressive and brazen in 2024. The pandemic remains one of the driving forces behind this uptick: more organizations than ever now have remote or hybrid work policies in place and run their operations on cloud-based technologies.
Cloud service providers are a lucrative target for hackers because their entire business model is predicated on keeping servers operational, which makes downtime costly and ransom demands credible. Even if the provider refuses to pay, a compromise of the provider can hand the attacker a back door into the environments of thousands of its clients, some of whom may be more inclined to pay.
Remote work also gives insiders a unique opportunity to initiate a cyberattack on their employer or to collude with outside hackers to facilitate one. Such attacks have become more common since 2020, and organizations should expect them to grow in frequency as threat actors find new ways to recruit and coach insiders, whether through financial incentives or coercion (e.g., extortion).
Other transformation initiatives can also increase cyber risk. Many organizations have rapidly adopted digital platforms and tools without performing the necessary risk assessments or updating policies and procedures to reflect the change. Any new hardware or software implementation can introduce risk. One area of particular concern in the year ahead is the ungoverned use of ChatGPT and other generative AI tools, which have a high potential for misuse: an employee who pastes internal documents, source code, or customer records into a prompt may be handing sensitive and proprietary data to a third party.
Russia's 2022 invasion of Ukraine has also increased tensions between Russia and many developed nations and raised questions about China's intentions toward Taiwan. At the very least, this should lead organizations to be more mindful of state-sponsored hacking in the coming years, as Russia and China may seek to improve their posture and establish cyber superiority. Organizations that should be especially vigilant include the public sector, major infrastructure (energy and utilities, oil and gas, etc.), those that have an outsized impact on national GDP, and those that collect and store large volumes of personal and proprietary data.
Finally, organizations should consider the possibility that they are the target of an ongoing attack, or were the victim of a past attack that has not yet been detected. An incident need not have disrupted normal operations for hackers to have stolen sensitive data, including login credentials and employees' or customers' personal information, and sold it on the dark web. It is now possible to beat the hackers at their own game: dark web monitoring services that search criminal forums and marketplaces for an organization's name, domains, credentials, and data can reveal that a breach has already occurred and give early warning of what the hackers may attempt next.
Related risks
- Insider threat causing cyber risk or data exfiltration
- Ransomware attack
- Deepfake social engineering
- Weak operational technology (OT) governance
- The Internet of Things creating cyber exposure
- Critical infrastructure at risk
- Controls weakened by the shift to a hybrid workforce
- Data privacy breach
- Supply chain risk
- Non-compliance
Key questions to ask
- What actions have you taken to verify that cloud service providers have the appropriate practices and controls in place to anticipate, respond to, and mitigate cyber risks?
- Are the frequency and intensity of cyberattacks against your organization increasing over time, and how are the nature and vectors of those attacks changing? What measures has your organization taken to reduce the likelihood and/or impact of such attacks?
- Do you complete background checks on all new employees who have access to confidential or private data?
- Do you have software (e.g., data loss prevention tooling) to identify and escalate inappropriate access to data or attempts to transfer confidential or private data outside your organization?
- Do you know how often confidential or private data is emailed outside your organization to private email addresses?
- Have you found ransomware on an internal server or drive? If yes, was a root cause analysis completed to determine how and when it got there, whether it executed, and who was responsible?
- Have you ever used a dark web scan to determine what hackers are saying about your organization and whether your data or credentials are being traded?
- Do you have sufficient training and tabletop exercises with leadership to discuss how to respond to and manage a ransomware attack?
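The two questions above about detecting data transfers and mail to private addresses can be answered from the outbound mail gateway log. The following is an added example (not part of the original page and not any vendor's product) that parses constructed log lines in an assumed key=value format, flags messages from the organization's domain to consumer webmail domains, applies a self-forwarding heuristic (the sender's name appears in the personal address), and rolls the findings up per sender so that repeat or large-volume senders can be escalated. The internal domain, the webmail list, and the escalation thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed for the example: the organisation's own domain and a short, illustrative
# list of consumer webmail providers. A real deployment keeps these in configuration.
INTERNAL_DOMAINS = {"example.com"}
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com",
                    "proton.me", "protonmail.com", "icloud.com"}

# Constructed mail-gateway log lines (not from any real product); the
# key=value format is assumed so the example runs offline.
SAMPLE_LOG = """\
2024-03-04T09:12:41Z from=alice@example.com to=bob@example.com attachments=0 bytes=2048 subject="Q1 plan"
2024-03-04T09:15:02Z from=alice@example.com to=alice.personal@gmail.com attachments=2 bytes=4194304 subject="customer list"
2024-03-04T10:01:17Z from=carol@example.com to=vendor@partner.example.net attachments=1 bytes=10240 subject="invoice"
2024-03-04T11:22:59Z from=dave@example.com to=dave1987@outlook.com attachments=0 bytes=512 subject="lunch"
2024-03-04T13:47:03Z from=alice@example.com to=alice.personal@gmail.com attachments=1 bytes=9000000 subject="fwd: HR export"
2024-03-04T14:05:30Z from=erin@example.com to=erin@proton.me attachments=3 bytes=1500000 subject="backup"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<from>\S+) to=(?P<to>\S+) '
    r'attachments=(?P<att>\d+) bytes=(?P<bytes>\d+) subject="(?P<subject>[^"]*)"$'
)


@dataclass(frozen=True)
class Message:
    ts: str
    sender: str
    recipient: str
    attachments: int
    size: int
    subject: str


def parse_line(line):
    """Parse one gateway log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Message(m["ts"], m["from"].lower(), m["to"].lower(),
                   int(m["att"]), int(m["bytes"]), m["subject"])


def domain_of(addr):
    return addr.rsplit("@", 1)[-1]


def local_part(addr):
    return addr.rsplit("@", 1)[0]


def looks_like_self_forward(msg):
    """Heuristic: the letters of the sender's local-part appear in the recipient's."""
    stem = re.sub(r"[^a-z]", "", local_part(msg.sender))
    return bool(stem) and stem in re.sub(r"[^a-z]", "", local_part(msg.recipient))


def find_personal_webmail_egress(log_text, require_attachment=False):
    """Return outbound messages from an internal sender to a consumer webmail domain."""
    findings = []
    for line in log_text.splitlines():
        msg = parse_line(line)
        if msg is None:
            continue  # malformed line: skip here, count and alert on it in production
        if domain_of(msg.sender) not in INTERNAL_DOMAINS:
            continue  # inbound or third-party traffic is out of scope
        if domain_of(msg.recipient) not in PERSONAL_WEBMAIL:
            continue
        if require_attachment and msg.attachments == 0:
            continue
        findings.append(msg)
    return findings


def summarize_by_sender(findings):
    """Roll findings up per sender: message count, attachments, bytes, self-forwards."""
    summary = defaultdict(lambda: {"messages": 0, "attachments": 0,
                                   "bytes": 0, "self_forward": 0})
    for msg in findings:
        s = summary[msg.sender]
        s["messages"] += 1
        s["attachments"] += msg.attachments
        s["bytes"] += msg.size
        if looks_like_self_forward(msg):
            s["self_forward"] += 1
    return dict(summary)


def senders_to_escalate(summary, max_messages=1, max_bytes=5_000_000):
    """Senders exceeding the (assumed) per-period message or volume threshold."""
    return sorted(s for s, v in summary.items()
                  if v["messages"] > max_messages or v["bytes"] > max_bytes)


if __name__ == "__main__":
    hits = find_personal_webmail_egress(SAMPLE_LOG, require_attachment=True)
    summary = summarize_by_sender(hits)
    for sender, stats in summary.items():
        print(sender, stats)
    print("escalate:", senders_to_escalate(summary))
```

Run against a week of gateway logs, the per-sender summary gives the "how often" figure the question asks for, and the escalation list is what should reach the security team. The webmail list is deliberately a blocklist of known consumer providers rather than "anything not internal", so legitimate mail to partners and customers is not flagged.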
Red Flags
- Employees do not receive any training on cybersecurity risks
- Internal phishing simulations continue to show multiple employees clicking on links that, in a real campaign, would have compromised them
- Your IT security function has not taken steps to obtain assurance over the security measures implemented by your cloud service provider
- The Internal Audit function has not conducted cybersecurity audits for an extended period
- Dark web monitoring shows that hackers are discussing your organization or trading in your stolen data
Internal Audit Project Opportunities
- Information Security Policy and Procedure Audit
- This audit reviews the organization's information security policies and procedures to ensure they are comprehensive, up-to-date, and aligned with industry best practices.
- Access Controls Audit
- This audit assesses the effectiveness of access controls in place to protect sensitive information and systems from unauthorized access.
- Network Security Audit
- This audit examines the organization's network infrastructure to identify potential security weaknesses and ensure the implementation of appropriate security measures.
- Vulnerability Assessment and Penetration Testing Audit
- This audit reviews the results of vulnerability assessments and penetration tests conducted on the organization's systems and applications and verifies that the identified vulnerabilities have been tracked and remediated.
- Security Patch Management Audit
- This audit assesses the organization's processes for identifying, testing, and applying security patches to address known vulnerabilities.
- Data Protection and Encryption Audit
- This audit evaluates the organization's data protection measures, including data encryption, to ensure that sensitive information is adequately safeguarded.
- Incident Response Preparedness Audit
- This audit assesses the organization's readiness to handle cybersecurity incidents effectively, including the existence of incident response plans and the training of staff to respond to incidents.
- Security Awareness Training Audit
- This audit examines the effectiveness of cybersecurity awareness training provided to employees to reduce the risk of human-related security incidents.
- Physical Security Audit
- This audit reviews the physical security measures in place to protect critical infrastructure, data centers, and other sensitive areas.
- Endpoint Security Audit
- This audit evaluates the security controls implemented on endpoints (e.g., laptops, desktops, mobile devices) to protect against malware and unauthorized access.
- Data Backup and Disaster Recovery Audit
- This audit ensures that data is regularly backed up, data restoration has been tested, and disaster recovery plans are in place to restore critical systems and data in case of a cybersecurity incident or natural disaster.
- Identity and Access Management (IAM) Audit
- This audit examines the organization's IAM processes and technologies to ensure that user access is appropriately managed and monitored.
- Third-Party Vendor Security Audit
- This audit assesses the security practices of third-party vendors and service providers with access to the organization's systems or data.
- Regulatory Compliance Audit
- This audit reviews the organization's compliance with relevant cybersecurity laws, regulations, and industry standards.
- Cybersecurity Governance Audit
- This audit evaluates the effectiveness of the organization's cybersecurity governance structure and oversight processes.