Cyber risk and the dark web
In this day and age, the term ‘cyber risk’ is used rather too loosely and often incorrectly, with many people applying it to describe occasions when anything related to an information technology system is disrupted.
What is cyber risk?
The Institute of Risk Management (IRM) defines cyber risk as “any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems”. Cybersecurity risk is not just a buzzword - it has become one of the major concerns for board members in companies around the world. In Deloitte’s ‘Global risk management survey’, which provides findings on the state of risk management for the global financial services industry, cybersecurity risk has been reported to be one of the greatest risk concerns.
Regulators around the world have picked up on this growing challenge by increasing their focus on cybersecurity risk. For instance, in December 2018 the European Banking Authority (EBA) published a consultation paper with proposed guidelines on ICT and security risk. As part of the consultation process, large banks were requested to populate an ICT questionnaire.
Another European regulator, the European Securities and Markets Authority (ESMA), extended its operational risks analysis to include cyber risk. In addition, the European Union Agency for Network and Information Security (ENISA), which is the information security agency in the EU, published a report in 2018 mentioning a total of 15 different types of cyber threats. These include the likes of ‘denial of service’, ‘information leakages’, ‘data breaches’, and ‘identity thefts’, among others.
Should any of these threats materialise, the affected organisation would suffer not only a hit to profitability but also a tarnished reputation. Unfortunately, it generally takes quite a while for entities to realise they are under attack. By the time the entity becomes aware, hackers will already have penetrated the systems, stolen the data and/or weakened the internal IT structure, leaving the entity in a vulnerable state. What is left to be uncovered is what the attacker seeks to do with the stolen data.
In most cases, hackers will not use the data themselves but are either engaged by a third party to obtain the data or aim to sell the information on the dark web. Buyers from the dark web may use this data for different purposes including financial theft from credit cards, creating fake passports and identities, transferring money between accounts, reselling information at a higher price to the media, or to support other illicit activities. Once the ‘community’ of the dark web acknowledges the achievement of a hacker, the hacker may then request a ransom from the target entity to release the data back to them.
So what is the dark web?
On the flanks of the portions of the World Wide Web that are accessible to ordinary citizens lies a separate part of the internet that can facilitate illicit activities. One of the major differences between the dark web and the surface web (i.e. ‘the normal web’) is that the information/data available is established in such a way that it cannot be indexed by a search engine.
Parts of the interface of the dark web are similar to the surface web. Thus, sites on the dark web can look similar to Wikipedia, Amazon, eBay, etc. However, the dark web can be rather sinister. It can be used to search for news that is not available on the surface web, to discuss topics without censorship and also to find illegal items sold on the black market, such as drugs, off-the-shelf computer virus packages and people’s personal information, including identities, credit card details, passport numbers, passwords, usernames and so much more.
It is important to highlight the level of difficulty associated with accessing the dark web. Indeed, to access the dark web, only a virtual private network (VPN) and a Tor browser are needed. A VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Tor is free and open-source software for enabling anonymous communication. Tor is used as a browser instead of other browsers such as Internet Explorer, Google Chrome and Firefox because it is anonymous due to its use of proxy servers. This makes it difficult for someone to be identified and traced.
What is the relationship between cyber risk and the dark web?
As mentioned above, some hackers try to hack systems and steal information not only for financial profit but also to gain ‘respect’ from their community on the dark web. After they steal the information, they upload it to the dark web so other people can recognise their ‘achievement’.
Another reason why hackers steal information is to request a ransom from the company being attacked and also to sell the data they steal on the dark web. However, since the ransom is usually sufficient, data is sold at a cheap price. The problem is that, throughout the hacking process, both clients and the targeted company are often unaware that their data has been stolen. By the time the attack is uncovered it is usually too late for both the company and victims (the clients) to act and reverse their loss.
Undoubtedly, cyber security will continue to dominate the regulatory and strategic agenda in the coming years. In an increasingly digital operating environment, businesses will need to up their game around cyber risk, especially in terms of investment in people, training and awareness as well as infrastructure.
Adam Karl Farrugia is a manager within Deloitte Malta Risk Advisory. For more information, please visit www.deloitte.com/mt/risk