• United States




An executive overview of the Deep & Dark Web

Jun 06, 20174 mins

How do you make a case for investing in Deep & Dark Web intelligence when few members of your executive team have even heard of the Deep & Dark Web?

insurance cyber attack protection
Credit: Thinkstock

Like most cybersecurity professionals, I’m no stranger to the Deep & Dark Web (DDW). For us, the DDW is both a treasure trove of invaluable data and a necessary evil that powers many of the threats from which we were hired to protect our companies. We also recognize why it’s so important to invest in services and technologies that give us greater visibility into the DDW. The problem is, these services and technologies often come with hefty price tags, and with hefty price tags often comes a need for the executive team’s approval.

But, how do you make a case for investing in DDW intelligence when only a few members of your company’s executive team are even aware that the Deep & Dark Web exists? Here are some key points to help support your argument:

1. DDW Intelligence can enable your company to address threats proactively.

Large-scale data breaches and cyber attacks have received no shortage of news coverage in recent years. Chances are, not only is your company’s executive team worried about someday becoming a victim, they’re also likely aware that these threats can produce substantial financial and reputational damages.

However, your company’s executive team may not be aware of what most of these threats have in common: they originate from within the DDW. And while not all cyber attacks or data breaches can be prevented, the more visibility you have into the context surrounding these threats on the DDW, the better prepared your company will be to proactively detect and mitigate them.

2. DDW Intelligence can help your company meet compliance requirements.

Although compliance requirements and legislative mandates can vary greatly from industry to industry, the last several years have seen a widespread trend toward increasingly comprehensive cybersecurity regulations. Most existing regulations occur at the federal level; however, in March 2017, the New York Department of Financial Services enacted the first state-level cybersecurity regulations, which many believe could potentially encourage other state legislatures to follow suit.

New York’s new regulations apply to financial institutions and insurers, which, in addition to remaining compliant with existing federal regulations, are now required to “formally assess cybersecurity risks and establish and maintain a cybersecurity program designed to address such risks in a robust fashion.” Essentially, this means that these businesses are now responsible for proactively addressing cyber threats that pose any such risk to their stakeholders and customers. And how does a business proactively address these threats? By maintaining comprehensive visibility into where most of these threats originate: the Deep & Dark Web.

3. DDW Intelligence can support all business functions, not just cybersecurity teams.

The key is to emphasize that while many of the threats emerging from the DDW fall under the jurisdiction of cybersecurity or IT teams, many of them don’t. DDW intelligence can also help reveal, for example, malicious actors seeking to compromise your executive team’s physical safety, threats posed by malicious insiders, unknown security vulnerabilities that exist within your company’s supply chain, or emerging fraud schemes targeting your company’s customers.

This also means that when applied across all business functions, DDW intelligence can help other teams become more efficient, productive, and better-equipped to excel in their roles, some of which may include: risk, incident response, executive protection, anti-money laundering, fraud prevention, physical security, mergers & acquisitions, human resources, third-party vendor management, and of course cybersecurity. As such, investing in DDW intelligence isn’t just an investment that benefits the cybersecurity team, it’s an investment that can benefit the entire company.

Sometimes it can be easy to overlook the fact that unlike many cybersecurity professionals, most people don’t have a comprehensive understanding of the Deep & Dark Web — much less recognize why intelligence derived from these regions of the Internet would be a worthwhile business investment. But in my experience, emphasizing key points such as those I mentioned above can go a long way in terms of educating your executive team and getting them on board with a solution that can ultimately benefit the entire company.


Chris Camacho partners with Flashpoint's executive team to develop, communicate, and execute strategic initiatives pertaining to Business Risk Intelligence (BRI).

With more than 15 years of cyber security leadership experience, he has spearheaded initiatives across Operational Strategy, Incident Response, Threat Management, and Security Operations to ensure cyber risk postures align with business goals.

Camacho has a B.S. in Decision Sciences & Management of Information Systems from George Mason University.

The opinions expressed in this blog are those of Chris Camacho and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.