The Singapore Management University (SMU) has raised a question on cybersecurity and Dark Web, with a pertinent question whether the organisations and businesses understand this platform at all and know what's really there.
In a news release on the SMU website, while explaining this matter, they added expert's opinion, which includes the remarks from Mikko Niemela, who is the CEO of Cyber Intelligence House (CIH), a Singapore-based company.
While explaining the process, CEO of the company which specialises in the detection and monitoring of cyber exposure from the Dark and Deep Web, Niemela told Perspectives@SMU that these are the kind of encrypted platforms which are not accessible through traditional search engines.
Niemela said: "The anonymity that the Dark Web allows, using a combination of routing and encryption, has made it a go-to place for discussing, planning and hosting illegal activities" which include drug trafficking, weapon trading, criminal activities, terrorism and cyber-attacks exposing personal data.
It should be noted that in most jurisdictions, accessing to a Dark Web is not a criminal offence, but the anonymity it provides makes it a source of concern for authoritarian states.
While explaining Niemela also said that the challenging part about the Dark Web is that it doesn't include an index and "its nature is such that pages are taken down without any data trail left unlike in the normal internet space, which makes the security risk stakes higher than ever."
However, CIH has built its own search engine to trawl through the Dark Web with a system in place to archive all the data and analyse the chatter, which is complicated when it comes to investigating data breach incidents.
In addition, Niemela mentioned that companies usually don't know much about cyber exposure or what has to be done to mitigate threats and for the companies, it is also imperative to know and understand their exposure levels.
It happens so rapidly due to the digital transformation and the increasing complexity of networks, which is creating expanded attack surfaces and endless virtual entry points. He has pointed out many organizations assume that "buying a preventative solution is enough, but in reality, equal emphasis must also be put on monitoring and response."
Niemela advised the companies and the employees to receive proper training to understand the already mentioned fundamentals of cybersecurity, as it has been found that over 80 percent of the hacking against organisations happened through targeted employees. So, it is important for the employees to be educated on the risk factor of sharing personal information, password and other details.
However, it should be noted that the even though Dark Web is known for illegal activities by cybercriminals, there are several Dark Web browsers such as TOR and EPIC, which can also be used to access regular websites and this route is also used for legal purposes. Dark Web can be used for investigative journalism, whistleblowing and testing of new internet services.
It should be mentioned that last year in April along with Nanyang Technological University (NTU), National University of Singapore (NUS) and Singapore University of Technology and Design, SMU was also attacked by alleged Iranian hackers, who stole more than 31 terabytes of academic data and intellectual property from other institutions across the world.
The primary investigation showed that the data breach was in the form of a phishing attack where all the staff were directed to a credential harvesting website to provide their login details to gain illegal access to the institute's library website where the hackers looked for research articles.