Charles Sweeney asks, are your staff inadvertently leaving the back door open via an innocent lunch-time browse?
The underbelly of the internet, known as the deep web, is 500 times the size of what we call the surface web – that which can be searched and indexed by the likes of Google, Yahoo! and Bing. Media reports concerning the deep web have often focused on the most harrowing stories from the hidden internet; ‘Silk Road' (already operating as Silk Road 2.0) and House of Cards' portrayal of a secretive organisation of readily available hacking specialists to name but two. Based on this hysteria it is no surprise that businesses can often fail to realise the clear and present danger that the deep web poses to their organisation.
Search engines work by using automated ‘spiders', otherwise known as crawlers or bots. These programmes trawl through web pages, following and noting hyperlinks, then analysing the pages' content in programmes that lead us to relevant information when we search. Sounds innocent enough, but without realising it you've entered the initial layers of the deep web. Take Amazon for example – every time you log in and search for a product, the page contains previous searches, related searches, searches you may be interested in and your own details and account links. In other words, the pages are dynamic; they are created because you have searched for them, meaning they are the ‘deep web'. The OEDB estimates that around 99.6 percent of internet content can be classified as ‘deep.'
So if that's the deep web, then what's all the fuss? Apply the theory behind the six degrees of separation and you soon realise that you are closer to the darker side of the web than you might think. There are multiple layers to the deep web. First stop Amazon and various other harmless sources such as Captcha-protected pages and archived news stories, but just a few stations up the line is the ‘Dark Web' or ‘The Midden'. This is where the deep web's innocuous initial levels give way and any number of things can come crawling out. All it takes is a peek into this (which can often happen inadvertently and without you even being aware) to leave a trace that a hacker can follow upwards into your business.
But what do these dark areas of hitmen-for-hire, stolen credit card numbers and illegal content have to do with your business? This is where it can be easy to be blasé. It's important to remember that while areas of the dark web may not want to be found, they certainly want to find you, and it has several tricks up its sleeve to lure you in. It is a digital game of cloak and dagger, and unless you've taken the correct precautions, it is a game that you'll lose.
Traditional security measures give little protection from these dynamic and often hidden threats from the deep web. Because they aren't engineered around real time technology, they open up a window of opportunity. The slightest delay in a site being monitored and shut down, coupled with the rise of proxy servers to bypass workplace firewalls, sites can long go unnoticed by web filters until they've caused damage and need to be acted against retroactively, can wreck havoc.
It fundamentally doesn't matter whether the deep web is accessed deliberately or inadvertently; the risk of not being properly protected is far too large a problem for a business to ignore. All it takes is one bored lunchtime browse, or a singular piece of information sent to a site masquerading as something else, and hackers and malware can easily find their way through an unlocked back-door into your company.
