When people think of the term "cybercrime", things like fraud and phishing scams commonly come to mind. Less known and discussed is the “DarkNet,” a digital underworld that is inaccessible to most and where illicit marketplaces exist for things like stolen identity information.

A recent Harvard Business Review (HBR) article raised the issue that the DarkNet not only poses risks for consumers, but also businesses. In particular, “[v]aluable corporate assets - from intellectual property to pirated software to stolen code bases and other digital products - appear for sale on these marketplaces more and more.”

Accordingly, it is important for businesses to familiarize themselves with the risks of the DarkNet as part of a comprehensive cybersecurity strategy.

How the DarkNet Works

The part of the Internet that most people are familiar with is called the “open web.” The open web consists of internet properties (websites, message boards, etc.) that are, as the name suggests, open to the public and accessible via standard search engines like Google. The “deep web,” of which the DarkNet is part of, consists of elements of the Internet which cannot be indexed by search engines. Much of the the deep web is used for legitimate, non-nefarious purposes, including private databases and member-only websites. The DarkNet cannot be found via standard search engines, but can be accessed with special software. A common type of software used to access the DarkNet is called Tor, which, according to the HBR article, is used by people “who don’t want to give away their location and identity to internet service providers or other parties, such as government agencies, that can track network activity.”

Risks and Opportunities for Businesses

The HBR article identifies DarkNet marketplaces (DNMs) as an area of particular concern for businesses. These virtual markets are used for transacting unlawful business in things like child pornography, drugs, and stolen goods, and buyers and sellers use cryptocurrencies, such as Bitcoin, to conduct business anonymously.

Businesses face risks because the DarkNet offers opportunities for employees to sell and distribute sensitive corporate information and conceal their actions. For example, an employee could distribute an employer’s trade secrets, without the employer having any way of tracing the perpetrator. The HBR article raises the prospect of insider information being distributed on the DarkNet, resulting in stock trades that benefits insiders.

On the other hand, some corporations are leveraging the DarkNet for legitimate purposes, including using the DarkNet as a secure way to communicate with employees in different locations and shield confidential business activities from prying eyes.

Protecting Against DarkNet Risks

In light of the significant risks posed by anonymous activities on the DarkNet, businesses need to take steps to protect themselves. Below are suggestions for companies looking to guard against these risks:

  • Use strong, up-to-date encryption on all sensitive data.
  • Build or hire a strong cyberthreat team that can react quickly as necessary.
  • Monitor DNMs and the DarkNet for threats and activity that can place corporations at risk.
  • Monitor employee use of technology.
  • Put a response plan in place to guide corporate actions in the event of an incident.
  • Build a cyber-threat response team, including an attorney specialized in these issues.