Schaumburg, IL, USA (7 August 2018) – Though commonly associated with illegal activity, in the new “ISACA Tech Brief: The Darknet” publication, ISACA explores the positive ways users are tapping the darknet--including communication for people in oppressive societies; for organizations gathering business intelligence; for security professionals to track hackers.
The darknet operates within the deep web, accessible to those who know how to get there, usually through a direct link, IP address or Internet relay chat (IRC) room. Access requires special software that uses a randomized path to its destination where a world of content exists on overlay networks, like Tor, whose URL addresses are hidden and can change regularly.
“Over 2 million people access the darknet through Tor daily. As long as people want to buy data and information to use against individuals and corporations, the darknet will continue,” said Robert E Stroud, ISACA director, past board chair, and chief product officer at XebiaLabs.“If anything, it may go more public – in essence, hiding in plain sight.”
Even though there may be potential benefits to darknet use, ISACA points out that enterprises may put their business and their customers at risk, through the potential exposure and/or loss of customer data and its subsequent sale on the darknet. In addition to financial consequences, organizations risk reputations as well. For protection from darknet risks, ISACA recommends:
- Use a secure environment to access the darknet. Malware and unwanted traffic can easily invade an enterprise’s network if the darknet is accessed from a computer that is connected to it.
- Be proactive. Consider investing in a staff or a third-party resource to monitor the darknet for any company-related content.
- Use basic security tactics. Going back to basics, including creating robust backups, is essential, especially in responding to ransomware.
- Investigate stronger commercial solutions. Some organizations may require more in-depth protection for their high-risk, high-value systems; these solutions may require a license and generally charge a fee to monitor organization activity on the darknet.
- Acquire insurance. This is, of course, in addition to having security practices in place.
The darknet is evolving, making it difficult to control—which enterprises should not attempt to do. New darknets that are deeper, darker and harder to trace are already appearing. To meet the challenge, enterprises and trained professionals must be proactive and keep up with innovations in the field.
“ISACA Tech Brief: The Darknet” can be downloaded for free here. Additional ISACA Tech Briefs featuring guidance on topics such as AI, blockchain, virtual reality and 3D printing can be downloaded for free here. ISACA also provides additional guidance and resources around cybersecurity at https://cybersecurity.isaca.org.
Nearing its 50th year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.
Michelle Micor, +1.847.385.7217, firstname.lastname@example.org