How Threat Intel from the Dark Web Can Make Digital Transformation Safe

Although the term digital transformation can mean different things in different companies, the general idea is clear: The widespread adoption and integration of innovative, computer-related technologies in order to streamline business processes, boost productivity, and reduce costs. 

And it’s clear that the trends we’ve seen since the start of the COVID-19 outbreak have added a level of urgency in a competitive business environment. Given the technologically driven trends of 2020 – such as the increasing reliance on eCommerce and on working from home – companies have had to dramatically accelerate the digital transformation that many of them had already begun. In fact, it has been estimated that in recent months digital transformation has progressed at more than five times its pre-COVID-19 rate.

But there’s a major problem holding back many companies’ digital transformation efforts: their concern that they can’t make the move in a sufficiently secure way. Even back in 2016 – more than three years before COVID-19 – Gartner predicted that 60% of digital businesses would experience significant problems due to inadequate cybersecurity. Since then, the stakes have grown higher, especially since the coronavirus outbreak has increased the need for digital transformation. 

How can today’s companies accelerate their digital transformation without putting themselves at undue risk? Although many see cybersecurity as a concern that slows business down, today’s challenges show that it is actually a business enabler – empowering companies to innovate with the confidence that comes with strong cyberdefense. 

One key to making that happen is strong and actionable threat intelligence. For example, when a business identifies potential dangers that could either compromise its sensitive information or harm its customers, that company can prepare itself to mitigate those risks. Getting that kind of information promptly may enable the company to prevent an attack entirely – a much more cost-effective outcome than detecting an in-progress attack and trying to minimize its damage. 

For any company aiming to identify cyberthreats as early as possible, the dark web is the place to look. Because evidence of cyberthreats typically appears on underground forums far earlier than it would be detectable by conventional threat intel solutions, monitoring the dark web enables companies and organizations to act on these threats in a more timely way – often before a threat really materializes.

How does this dark web-focused approach to cyberthreat intel work, and how effectively does it protect companies along the path of digital transformation? To answer that question, let’s consider three major types of cyberthreats that some companies have faced due (at least in part) to their own digital transformation.

Threat type #1: Employee credentials

When it comes to cloud computing, a company’s employee credentials are rapidly becoming a critical layer of defense against cyberthreats. With cybercriminals realizing what an asset employee credentials can be for their schemes, many now turn to the deep and dark web to buy and sell stolen credentials. Once a threat actor gets their hands on a set of compromised of credentials, it becomes far easier for them to bypass a targeted company’s security controls and act as a company insider. 

How does monitoring the dark web protect employee credentials? If your cyberthreat intel solution detects these credentials for sale on the dark web, you can use this information to mitigate the risk they pose to your company. For instance, you can investigate the criminals behind this threat and invalidate the compromised credentials. And because these credentials are likely to show up on the dark web before an attack takes place, you can act promptly, preventing or minimizing the harm caused to your company or organization. 

Threat type #2: Insider recruitment

Cybercriminals know that insiders (such as employees) offer unmatched access to companies they’d like to target. After all, why break in through a window when you can get someone to do it for you? Furthermore, an insider can help a threat actor expedite an attack, because they likely know where the relevant company information is, what controls are in place, and how to steer clear of those controls. 

So it’s unsurprising that recruiting these insiders is often a part of criminal plots. In fact, according to Verizon’s 2019 Data Breach Investigations Report (DBIR), insiders are involved in 34% of data breaches (although not necessarily always intentionally). And the dark web often plays a key role in facilitating communication between criminals and the insiders they’re looking to work with, with criminals targeting specific companies and sometimes a particular individual for recruitment. That makes monitoring the deep and dark web for such activity an important part of any modern security team’s arsenal. 

Threat type #3: Customer data

Despite the best of controls and security personnel, criminals are often able to exfiltrate data from a company’s cloud or gather personally identifiable information (PII) from IoT devices. It’s common for this data to end up for sale on the deep and dark web, where threat actors can purchase it in order to use it in a subsequent cyberattack. For example, compromised credit card information is often sold via underground forums before being used for online theft. Monitoring these forums can provide a cybersecurity team with advance knowledge of a potential cyberattack designed to leverage customer data. 

Obviously, if a company fails to stop this kind of attack, the reputational damage could have powerful financial implications – especially in light of alarming news stories that often make consumers think twice before providing their personal information online. Furthermore, groundbreaking legislation passed in recent years in countries and regions around the world (such as the GDPR in Europe and the CCPA in California) can prove devastating for companies that have suffered from a cyberattack. For instance, just last week, British Airways was slapped with a fine of 20 million pounds ($26 million) for security failures that allowed for a massive breach of customer details in 2018 – a massive penalty, though far less than the 183 million pounds ($229 million) that regulators had initially sought under the GDPR.

Securing your digital transformation

If digital transformation was a major initiative for businesses a year ago, in today’s world it is an imperative for virtually all types of companies. But many face major hurdles as they consider how to move forward. And at the heart of many of these challenges are concerns related to cybersecurity and the financial harm that could result from data breaches, especially in light of legislative trends we’ve seen over the past few years.

The upshot for any company looking to securely embrace digital transformation? It’s essential to have the right cybersecurity technology, personnel, and procedures in place with a strong focus on threat intelligence. And because speed is critical when dealing with a potential cyberthreat, you can get a leg up on cybercriminals by monitoring activity on the dark web instead of waiting for a possible attack to begin. 

While this on its own cannot guarantee the success of your innovative digital initiatives, it can give you a new level of safety and intelligence as you move forward on your digital transformation journey.


How does having eyes on the dark web empower you to protect your company or organization from potential threats as you move toward digital transformation? To see for yourself, request a demo of Sixgill’s cyberthreat intel solutions today.