What do large organisations need to understand about the
dark web?
The term Dark Web has many sinister undertones, and can
be use used for illegal activities. The
World Wide Web that we know and use, is
accessible by a browser and is indexed using software called crawlers. Crawlers allow the sites such as Google to
know where websites are and the sort of content they contain. There are elements that can not be indexed
such a dynamic content, which generates the content on the fly, which is often
referred to as the Deep Web.
What do many fail to grasp at the moment?
The Dark Web contains sites that require specific
software to access it, and the network is encrypted to conceal the activity
whether through privacy concerns or to cover illegal activities. It should also be considered that the Dark
Web is tiny compared to the World Wide Web.
A recent article believed there are between 7,000 to 30,000 hidden sites
on the Dark Web, equating to around 0.03% of the Web.
The Dark Web is often referenced as the location of where
stolen credentials are sold. Rather than
monitor or access the Dark Web, it is more important to protect the data in the
first place. Personal Identifiable
Information (PII) should be encrypted, so it would render the information to
being gibberish to the perpetrator. Many
of the recent attacks, which have allowed thousands of records to be stolen
have been achieved by using SQL Injection attacks. If information needs to be accessible to the
internet, ensure OWASP standards are followed, ensure the website is tested by
a penetration testing organisation and ensure critical data is encrypted.
No comments:
Post a Comment