An executive overview of the Deep & Dark Web

Like most cybersecurity professionals, I’m no stranger to the Deep & Dark Web (DDW). For us, the DDW is both a treasure trove of invaluable data and a necessary evil that powers many of the threats from which we were hired to protect our companies. We also recognize why it’s so important to invest in services and technologies that give us greater visibility into the DDW. The problem is, these services and technologies often come with hefty price tags, and with hefty price tags often comes a need for the executive team’s approval.

But, how do you make a case for investing in DDW intelligence when only a few members of your company’s executive team are even aware that the Deep & Dark Web exists? Here are some key points to help support your argument:

1. DDW Intelligence can enable your company to address threats proactively.

Large-scale data breaches and cyber attacks have received no shortage of news coverage in recent years. Chances are, not only is your company’s executive team worried about someday becoming a victim, they’re also likely aware that these threats can produce substantial financial and reputational damages.

However, your company’s executive team may not be aware of what most of these threats have in common: they originate from within the DDW. And while not all cyber attacks or data breaches can be prevented, the more visibility you have into the context surrounding these threats on the DDW, the better prepared your company will be to proactively detect and mitigate them.

2. DDW Intelligence can help your company meet compliance requirements.

Although compliance requirements and legislative mandates can vary greatly from industry to industry, the last several years have seen a widespread trend toward increasingly comprehensive cybersecurity regulations. Most existing regulations occur at the federal level; however, in March 2017, the New York Department of Financial Services enacted the first state-level cybersecurity regulations, which many believe could potentially encourage other state legislatures to follow suit.

New York’s new regulations apply to financial institutions and insurers, which, in addition to remaining compliant with existing federal regulations, are now required to “formally assess cybersecurity risks and establish and maintain a cybersecurity program designed to address such risks in a robust fashion.” Essentially, this means that these businesses are now responsible for proactively addressing cyber threats that pose any such risk to their stakeholders and customers. And how does a business proactively address these threats? By maintaining comprehensive visibility into where most of these threats originate: the Deep & Dark Web.

3. DDW Intelligence can support all business functions, not just cybersecurity teams.

The key is to emphasize that while many of the threats emerging from the DDW fall under the jurisdiction of cybersecurity or IT teams, many of them don’t. DDW intelligence can also help reveal, for example, malicious actors seeking to compromise your executive team’s physical safety, threats posed by malicious insiders, unknown security vulnerabilities that exist within your company’s supply chain, or emerging fraud schemes targeting your company’s customers.

This also means that when applied across all business functions, DDW intelligence can help other teams become more efficient, productive, and better-equipped to excel in their roles, some of which may include: risk, incident response, executive protection, anti-money laundering, fraud prevention, physical security, mergers & acquisitions, human resources, third-party vendor management, and of course cybersecurity. As such, investing in DDW intelligence isn’t just an investment that benefits the cybersecurity team, it’s an investment that can benefit the entire company.

Sometimes it can be easy to overlook the fact that unlike many cybersecurity professionals, most people don’t have a comprehensive understanding of the Deep & Dark Web — much less recognize why intelligence derived from these regions of the Internet would be a worthwhile business investment. But in my experience, emphasizing key points such as those I mentioned above can go a long way in terms of educating your executive team and getting them on board with a solution that can ultimately benefit the entire company.