5 Ways to Protect Against the Dark Web & Shadow IT

Regardless of whether we want to acknowledge it, construction companies are targets of cybercriminals and activity. Companies in the construction space store information on a multitude of devices across many locations and jobsites with users at all levels of IT sophistication.

However, there are ways you can help mitigate cyber risk in your company. This article discusses a few threats to a company’s security and highlights some actions your company and its employees can take to mitigate cyber risk.

The Climate

According to the Identity Theft Resource Center, the number of reported breaches dropped from 1,362 in 2019 to 1,108 in 2020.1 At first glance, it may appear that we’re getting ahead of the malicious actors who perform these breaches; however, the way in which cyberthieves are obtaining information is changing, as ransomware and phishing attacks are now the preferred method of data theft. In addition, construction companies continue to experience fraudulent wire transfer transactions, downtime or business interruption, and breach of intellectual property (including bidding data) as a result of persistent cyberattacks.

In a more connected world where flexible working environments have become more common, contractors are continually at risk in new ways. Cybercrime continues to grow as the primary motivation for breaches, increasing from 83.96% in 2019 to 85.17% in 2020.2

The Dark Web

Once data has been pirated, the hacker often then sells it on the dark web. The dark web is a part of the internet that is not readily accessible through traditional browsers, such as Internet Explorer, Safari, or Chrome, thus requiring an anonymizer, such as The Onion Router (Tor) browser, to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user’s location.

The dark web is vast and contains many different types of sites:

  • Discussion forums and chatrooms are where common vulnerabilities and information about organizations are shared. Hackers also use these sites to often discuss plans for attacks against organizations and recruit other members.
  • Paste sites are places for large data dumps, which may include previously compromised and other dated information. Remember, nothing put on the internet ever truly goes away.
  • Marketplace is the most common type of site on the dark web where illicit and other items are for sale.
    These online shops provide:
    • Drugs and paraphernalia
    • Stolen credit cards
    • Compromised health information
    • Personally identifiable information such as personal records, passports, and driver’s licenses
    • Hackers for hire

Stolen Information

Stolen credit cards compose the majority of items for sale on the dark web. According to NordVPN, the average cost is only $10, and most come from U.S. citizens.3 This is because financial institutions have improved the response time for deactivating stolen card numbers, meaning the cards may not even be usable and, if they are, they may only be good for a few purchases before they’re deactivated.

Other data, such as health identities, can go for $50 or higher, as buyers can use this information for various services, including routine health care checks, prescription drugs, and even medical procedures.

Shadow IT

A growing threat to organizations is the use of shadow IT, which refers to IT-related software or hardware (e.g., software applications, services, or wireless devices) used by employees that’s outside the organization’s ownership and control. Typically, employees use shadow IT with good intent, for example, to perform their duties more efficiently; however, they unwittingly expose their organization to a potential cyberattack.

For instance, a construction professional might conduct business using a personal smartphone or other device, which could allow them to complete email exchanges, including the sharing of attachments, outside of the company’s technology environment. These devices may not employ the proper logical access controls or data “sandboxing” (i.e., interactively and collaboratively representing a company’s data sets) required to safeguard company information.

Since these items aren’t purchased through regular IT procurement channels, security is overlooked. As the usage of shadow IT continues to grow, especially with the increase in remote work, it is imperative for organizations to recognize this threat and establish policies regarding technology usage.

If you are a CFMA member login to continue reading this article. If you aren't a member yet and would like unlimited access to all of the content on cfma.org, plus a variety of other benefits, join CFMA today!