21 April 2019

Identity Theft Protection from the Dark Web

Identity Theft Protection from the Dark Web

The role of the Dark Web in facilitating identity theft is coming under the spotlight. Hundreds of millions of email, password and financial details are readily available for online purchase. These stolen credentials pose a significant risk not just to the individual, but also their employer.

Fortunately, new Identity Theft Protection systems are now able to see into the Dark Web, identify when stolen credentials appear and warn an organisation to take action.

Why Stolen Personal Accounts Matter to Organisations

According to the Gemalto Breach Level Index (2018), 65% of IT security breaches were carried out for identity theft. One Dark Web site recently boasted of offering 620 million stolen accounts from 16 websites. However, this is just the tip of the iceberg when it comes to reported breaches.

The danger for an organisation comes from employees re-using passwords, or similar variations when accessing both personal and company systems. Company email addresses used with personal accounts multiply the danger.

The haveibeenpwned.com website lets you enter an email address to check if any linked credentials have been hacked. [Spoiler alert: your past details are very likely to have been breached]. If the same passwords used on the breached accounts can also access company systems, the organisation’s data and that of their customers is at risk.

What is Identity Theft Protection?

Identity Theft Protection (ITP) provides a full-time, company-grade haveibeenpwned. Rather than entering individual email addresses manually, ITP tools actively search the Dark Web to identify past breaches and flag any new cases for monitored domains. Alerts enable passwords to be changed and identify practices which need to be reviewed.

First Focus conducted a series of tests using the latest ITP tools. Concerned by the findings we made clients an offer to trial the service.

All of the organisations that trialled the service discovered prior breaches, except one client with a new domain. Two clients now using the ITP continuous monitoring reported new third-party breaches this month

Identity Theft Protection is not a substitute for fundamental security methods. However, as part of a multi-faceted approach to detecting and preventing security risks, ITP offers an important but relatively in-expensive extra layer of security. ITP acts as a back-stop to educational campaigns on password management and complements other tools such as Multi-Factor Authentication and Network Traffic Analysis.

Testing your personal details with haveibeenpwned is highly recommended. Try it yourself and tell those you care for about it.

For your organisation we recommend an Identity Theft Protection trial to identify any previously compromised accounts and to help protect against new breaches.