Most of us are blissfully unaware of the dangers that lurk beneath the surface of the internet. While some business owners have a basic understanding of how the internet is structured, many don’t comprehend that their business has online vulnerabilities that go far beyond an upset customer posting a negative review online.
Beyond the results seen on a typical web search, one can find an often misunderstood section of the internet known as the deep web and a sometimes more nefarious counterpart called the dark web.
First, here’s the background. Imagine the internet is an iceberg, 10 percent above the surface is known as the clear web, visible web or surface web. This is where we spend most of our time online, and it includes mainstream news sites, blogs, social media sites and your company's public-facing website -- essentially, everything indexed by Google and search engines. Websites like Weather.com, CNN.com, Facebook.com and Apple.com are all part of the surface web.
The remaining 90 percent of the "iceberg" is known as the deep web, sometimes referred to as the deep net. This includes everything not indexed by search engines such as password protected sites, content behind paywalls, your company's private intranet and any content which is not visible to search engines – either on purpose or accidentally.
The deep web includes news sites behind a paywall, any site that requires a subscription, e-mail servers, electronic banking, anything saved on the "cloud" with a password, all of your Netflix movies and the parts of your company's website only accessible by employees and customers. Most of the commerce on the internet happens under the surface within the deep web.
The dark web is part of the deep web and is comprised of a set of special servers that enable people to communicate online anonymously. In my opinion, the dark web is the "bad neighborhood at night" of the internet. Originally developed by the U.S. Navy as an avenue for secretive communications, today's dark web is best known as a place for more illicit activities. For example, on the dark web you may find individuals selling drugs, guns, illegal images and videos, and private data. Yet, the dark web is also a platform for corporate whistleblowers as well as the journalists who want to speak with them, revolutionaries who are trying to overthrow hostile governments, and privacy advocates who simply don't want to be tracked during their time online. You will also find law enforcement agencies on the dark web, performing covert operations on the aforementioned illegal activities.
One important thing to note is that you are not going to wander onto the dark web by accident. You have to download a special browser, so you can't get there from Chrome, Firefox or Safari and your toddler can't access it on your iPad. (I can't say as much for your teenager).
The dark web is part of the deep web, but everything on the deep web isn't dark, even though some folks use the terms interchangeably. In fact, most of the traffic on the deep web is plain vanilla commerce.
Why should a business care?
It’s easy to misplace something on the deep web
Someone from your company could accidentally place a private document on a non-indexed section of your website. It "appears" invisible because it's not on a menu bar or easy to find; and an employee might think that, because they can't readily find it, it must be securely tucked away. Companies that have fallen into this trap have later found confidential documents, personal e-mail address lists and proprietary polices ending-up in the hands of outsiders. While documents may appear difficult to find, hackers can easily track them down to the considerable detriment of your company.
Your stolen information may end up on the dark web
The dark web is not only a place where people go when they want to remain anonymous but also when they want to sell stolen goods. While you might think folks on the dark web are mainly trafficking guns and merchandise, most companies have something more valuable for the cyber criminal: data.
Medical records, credit card numbers, and social security numbers are valuable stolen commodities. When someone hacks into Target and steals millions of credit card numbers, for example, they don't try to sell this information on the street corner in Manhattan. Sophisticated cyber criminals fence their goods on the dark web.
Any business that touches private data is vulnerable
If your company regularly writes down credit card numbers, banking information, driver's license info, social security data or any private medical information, you better have a plan in place to secure that information in the best way possible – but also plan to monitor the dark web for evidence of breaches.
Unfortunately, cybersecurity is now a way of life in business. While high profile cases like those impacting national retailers (or major political parties) get a lot of publicity, any business that documents private data is vulnerable to perils hidden within the deep web and the dark web.
Photo credit: everything possible/Shutterstock