BYLINER | The rise of the dark web in Asia Pacific: Can businesses stand guard against it?
By Michael Ngan
country general manager
Lenovo Philippines
As Asia Pacific becomes one of the world’s largest digital economies, we can expect unprecedented amounts of personal data to be exchanged. With more than 2.007 billion unique internet users, accounting for almost half of the region’s population, Asia Pacific’s accelerating technology adoption has led to an ever-increasing number of devices. Furthermore, the rising number of devices and endpoints means increased opportunities for infiltration from cybercriminals, especially if users and organizations fail to take precautions.
Today, it is also almost impossible for modern businesses to function without the implementation of data, of which cybercriminals are also highly aware. Asia Pacific has hence become a lucrative target for cybercrime, and increasingly so on the “dark web.” While the dark web community in Asia is still relatively small compared to its Western counterparts, it is nonetheless a rising threat that cannot be ignored.
The thriving business of private data
Dark web refers to a part of the Internet that is not indexed by search engines. Access to it requires special software, which allows users to conceal their identity and activity behind multiple layers of encryption. Due to its anonymity, it is estimated that over 50 percent of all sites on the dark web are used for criminal activities. Although many associate the dark web with illegal drugs or stolen artifacts, it is also rife with the disclosure and sale of digital credentials such as account usernames, email addresses and passwords. These are often sold by cybercriminals who have gained access to sensitive information such as financial and healthcare data.
The selling of personal data has become a thriving business, with prices per identity going up into hundreds of dollars. In the Philippines, one of the biggest private data leaks happened during the period leading to the 2016 general elections, wherein the personal information of millions of registered voters were revealed to the public. According to information technology security experts, it is likely that this information was in the dark web.
Fortunately, the Philippines government has moved to combat this threat. Last year, it has been reported that the National Privacy Commission, the nation’s chief privacy watchdog, had hired white hat hackers to conduct sweeps on the dark web to check for potential threats to Filipinos and help search for illegally acquired data.
Why businesses should care
Businesses must turn their attention to combating the real and rising threat of data breaches. After all, more than half of all cyber-attacks in Southeast Asia resulted in a loss of more than $1 million. Locally, Microsoft expects that organizations in the Philippines might incur a staggering $3.5 billion in economic losses due to cybersecurity incidents, with a large-sized organization possibly sustaining a loss of $7.5 million.
In addition, organizations face opportunity cost due to reputational impact such as customer churn due to loss in confidence and trust. According to Ponemon Institute, companies that lost less than 1 percent of existing customers incurred an average total cost of $2.8 million, while companies that experienced a churn rate of greater than 4 percent lost $6 million on average. While not easily quantifiable, loss of reputation is likely to erode future business opportunities and, in extreme cases, lead to complete business failure.
Hardware, software, and services must work in tandem to combat the threat
Hence, cybersecurity must now go beyond being product-focused, it requires end-to-end solutions, a holistic approach, and a more stringent and calculated approach to devices. This is especially crucial in this era of the mobile workforce, where work is no longer confined to the four walls of the office, and cyberthreats are further amplified.
How could organizations be proactive in ensuring their security solutions could meet their business needs? Here are four areas of consideration:
Device security.Cybercriminals are increasingly targeting the supply chain to introduce vulnerabilities into devices during manufacturing and prior to delivery. It is hence pertinent to choose the right partner who could provide devices, which are secured right from the first layer of supply chain.
Identity security. Around 81 percent of data breaches involve weak, default or stolen passwords, and phishing attacks have grown 65 percent year-on-year. Identity clearance through layers of authentication, safer password-free logins and fingerprint scanners are new ways to ensure user identity security without complexity. Having a built-in authentication for personal computers that adheres to Fast Identity Online Alliance standards is an added advantage to securing your device.
Online security. An unsecured connection invites thieves, opening the door of your device — and your company — to devastating attacks. Equip your devices with solutions such as Virtual Private Network, that could detect threats and notify users when they are about to connect to unsafe wireless networks.
Data security. With every security breach, there’s a lot at stake: millions of dollars, the organization’s reputation and even your job. Shielding data in the new age requires an all-encompassing and scalable security solution to stay ahead of criminals in the cyberspace.
As cybercriminals are more cunning and threats more sophisticated than ever, a holistic approach towards security would be key to business’ success and enable employees to do what they do best — pursue innovation and capture new market opportunities. Thus, it is imperative for businesses to take action today, to ensure they have the right security solutions and a strategic approach to devices employed in the modern workplace.