I’m starting this post on Tuesday 12th November. A month today, the UK will go to the polls in the first December General Election since 1923 – and the battle lines are being very firmly drawn.
Depending on your point of view there is now a hard right axis of Trump/Johnson/Farage that – bolstered with a clear majority in the new parliament – will deliver the hardest of hard Brexits and sell the NHS to the American drug companies by Easter.
Or you read John McDonnell’s plans for the economy in general and your business in particular and think that nothing is too high a price to pay to avoid Jeremy Corbyn walking through the door of 10 Downing Street.
And this morning former First Lady and Democratic candidate Hillary Clinton has waded into the debate. She is demanding that the UK government immediately publish the report into alleged Russian involvement in British politics.
I’ll leave you to argue the rights and wrongs of that – just as I’m sure you have your own opinions on alleged Russian involvement in the 2016 Presidential race. Conspiracy theories – tales of mysterious hackers, the folly of allowing Huawei to build your 5G network – are everywhere.
Central to many of these conspiracy theories is the so called ‘Dark Web:’ the place you go to satisfy the demands that cannot be met on the normal web. Where you search for the services that are not covered by Amazon Prime…
The Dark Web is, of course, the preserve of criminals, their customers and the law enforcement agencies that chase them. Law abiding people like you and me have nothing to fear from it – and need never go near it.
Sadly, that’s no longer the case. We may all need to add, ‘Learn more about the Dark Web and the threat it poses to my business’ to our to-do lists. So we’d better make a start…
What exactly is the Dark Web?
Simply put, it’s an area of the internet only accessible with specific software, such as Tor and I2P, which are designed to conceal your identity. Tor was originally set up by the US Navy to protect military intelligence: now it is widely used to protect the identity and location of millions of users.
So is the Dark Web just for criminals?
Well if you’re a fan of the Trump/Johnson/Farage conspiracy theory you’ll certainly view the BBC as a criminal organisation… They recently launched on the Dark Web, in a bid to beat censorship in countries like China. Facebook – another company looking to expand its reach in countries where freedom of speech is restricted – is already there.
Neither is it true that criminals only use the Dark Web. There is plenty of criminal activity on the normal web, especially in countries where law enforcement is lax. There are also – apparently – multiple criminal forums that exist on the everyday web, but which are heavily encrypted and password protected.
This is known as the ‘deep web’ and it’s commonly suggested that the Dark Web and the deep web account for perhaps 95% of total online content. The internet is effectively like an iceberg: the bulk of it is hidden from normal users.
I thought they were trying to take down the Dark Web?
Yes: the most famous – or notorious – marketplace was Silk Road, and that was closed down by the FBI and Europol in 2014, with its founder sentenced to life imprisonment without the possibility of parole. There have been other successful ‘take down’ operations since then and, on the face of it, the good guys are making progress.
To be successful criminal marketplaces need the same as any other business: they need to gain trust, they need to build a reputation and they need to deliver what they promise to deliver. Very clearly, the more their activities are disrupted the more they will struggle to do this.
So should we still worry?
Sadly, the answer is ‘yes.’ Criminal activity is constantly evolving and anything that can be traded for profit is a target. That includes usernames, passwords, bank account and credit card details, intellectual property and employee information. And once data like intellectual property is gone it is gone for good. You find out someone in say, China, has stolen your intellectual property: let’s be blunt, there is virtually nothing you can do about it.
Worryingly, it takes a business an average nine months to discover that a data breach has occurred. During that time everyone is at risk: the employer, the staff and the customers. And, of course, the cash.
That’s why 2020 is going to be a year when taking your security seriously – checking your security as frequently as you check your KPIs – is going to be crucial. The name of your dog will no longer do as your password. And let’s stop something that is all too common in business: having company information sent to personal e-mail addresses ‘just because it’s a lot easier.’
If 95% of the internet is hidden from normal users, it is logical to assume that somewhere within that 95% are threats to your business.
So you have not won the lottery you didn’t enter: there is not a parcel you didn’t order waiting for you at the airport and – hopefully – your business did not have an entry in that international trade directory you’ve never heard of.
Meanwhile, the Labour Party is claiming it is the victim of a cyber attack from Russia and Brazil. Not so, replies the National Cyber Security Centre. As I said, mysterious hackers everywhere. Just do everything you can to make sure they don’t knock on your door…