ServiceNow Inc. announced on Tuesday plans to acquire Veza in a move aimed at fortifying security for identity and access management. The acquisition will integrate Veza’s technology into ServiceNow’s Security and Risk portfolios, helping organizations monitor and control access to critical data, applications, systems, and artificial intelligence (AI) tools. The deal comes as businesses increasingly..

The post ServiceNow to Acquire Identity Security Firm Veza appeared first on Security Boulevard.

A Nigerian national has been sentenced to five years in federal prison for his role in a massive darknet fraud scheme that intended to cause over $6 million in losses, according to the U.S. Department of Justice (DOJ). Using various online aliases, Kaura led a global network selling stolen payment card data, using cryptocurrencies like […]

Last Updated on October 28, 2025 by Narendra Sahoo

When you think about protecting your website from cyber threats, your first thought probably isn’t your hosting provider. The typical go-to solutions to minimize cybersecurity threats are firewalls, strong passwords, and two-factor authentication. But the truth is, your hosting environment is one of the most overlooked yet critical components of a strong cybersecurity strategy.

• Hosting is critical in defending websites from modern cyber threats, yet it’s often overlooked in basic security strategies.
• Different types of hosting offer varying levels of protection, with dedicated and VPS hosting typically offering stronger isolation.
• Evaluating provider transparency, support quality, and built-in security tools is key to making a smart, long-term hosting decision.
• Avoid hosts with vague policies, poor support, or unrealistically low prices, as these can signal serious security gaps.

Every website, no matter how small, is a potential target for cybercriminals. The threats are constant and evolving, from malware injections to brute-force login attempts. That’s why it’s more important than ever to be proactive—and that starts with where and how your site is hosted.

In this article, we’re unpacking how your hosting choices can expose you to security risks or shield your digital presence from harm. Whether launching your first site or managing a growing online business, understanding the link between hosting and cybersecurity can save you a ton of headaches — and money — down the road.

The Overlooked Role of Hosting in Cybersecurity

Let’s be honest—hosting rarely gets the attention it deserves in cybersecurity discussions. Most people assume they’re covered if they have antivirus software and SSL encryption, but that’s only part of the picture to minimize cybersecurity threats.

Think of your hosting environment as the foundation of a house. No matter how solid your doors and windows are, the whole structure is at risk if the foundation is weak. Similarly, if your hosting service doesn’t offer a secure setup, your site becomes far more vulnerable to attacks, even if your plugins and passwords are top-notch.

Take shared hosting, for example. It’s affordable and popular, especially among small websites. However, with multiple sites sharing the same server, if one site gets compromised, the others can be at risk, too. It’s the digital version of living in an apartment building with paper-thin walls — what affects your neighbor could easily affect you.

Conversely, VPS (Virtual Private Server) or dedicated hosting offer better isolation and control, dramatically reducing the surface area for potential attacks. Cloud hosting also brings advantages, primarily when managed by a reputable provider that stays current with security patches and updates.

Real-world cases have shown that businesses using outdated or misconfigured hosting were far more likely to suffer breaches. It’s not just about having a space on the Internet—it’s about where that space is and how well it’s protected.

Why Hosting Providers Matter More Than You Think

Not all hosting companies are created equal. Beyond offering disk space and bandwidth, the best providers quietly work behind the scenes to secure their servers, monitor for unusual activity, and deploy patches long before vulnerabilities become public knowledge.

This is where price and quality start to show their true colors. Sure, costs for website hosting vary based on provider, and it is tempting to go for the cheapest option. But when it comes to cybersecurity, that bargain can come with hidden costs, like unreliable uptime, slow response during emergencies, or weak defenses against malware.

Security-conscious providers invest heavily in infrastructure, such as intrusion detection systems, daily backups, and built-in firewalls. They also typically offer responsive customer support, an underrated but critical feature when dealing with potential breaches or downtime.

A good host will be transparent about their security protocols and compliance with standards like ISO/IEC 27001 or SOC 2. If that information isn’t easy to find or their answers seem vague, take it as a warning sign.

So, before you settle on a provider, consider how seriously they treat security. Ask questions. Read the fine print. And most importantly, don’t assume that low cost equals high value — especially when your data is on the line.

Key Features That Boost Hosting Security

When comparing hosting options, it’s easy to focus on flashy promises like unlimited bandwidth or 99.9% uptime. But if you’re serious about protecting your website, your attention should shift to security-first features—the real backbone of reliable hosting.

Start with DDoS protection. Distributed denial-of-service attacks are among the most common ways bad actors try to bring down a site. A host that actively monitors traffic and filters out suspicious patterns can stop an attack before it impacts your site. This isn’t just about keeping your site live — it’s about maintaining trust with your visitors.

Next, look for malware scanning and removal tools. Some hosts offer automated daily scans, while others expect you to handle it independently. The first option gives you a much better safety net. Automatic backups are another must-have. If your site does get compromised, a solid backup system lets you quickly roll back to a clean version — ideally without jumping through a dozen support tickets.

Then there’s server isolation. On shared hosting plans, multiple websites often reside on the same server, which can be a security risk if one gets infected. But some hosts offer account-level isolation even within shared environments, which adds an extra layer of protection.

Don’t overlook patch management, either. Operating systems and server software, like your phone or laptop, need regular updates. A reputable host will apply these patches consistently, ensuring your server doesn’t become an easy target because it runs outdated software.

At the end of the day, these features aren’t just technical bells and whistles—they’re shields for your data, your users, and your reputation. If your current host doesn’t offer them or charges a premium to add them, it might be time to reassess.

Red Flags When Choosing a Host

While it’s important to know what to look for in a secure hosting provider, it’s just as crucial to recognize the warning signs that a host might not be in good shape.

First off, be wary of vague or non-existent security documentation. If a hosting company can’t clearly explain how it protects your data or what protocols it follows during a cyber incident, that’s a major red flag. Transparency is key — you should never have to guess whether your host is prepared for an attack.

Poor customer support is another tell. If you’ve ever waited days to respond to a fundamental question during a real security emergency, imagine how that would play out. Reliable hosts offer 24/7 support, and you should be able to reach a human quickly, not just a chatbot or generic email auto-reply.

Also, pay attention to what others are saying. A quick search can reveal much about how a hosting company handles breaches, outages, or user complaints. Frequent downtime or reports of hacked sites on a host’s servers aren’t just bad luck — they’re often signs of systemic issues.

Lack of compliance is another subtle but serious issue. If a host doesn’t mention industry standards like GDPR, PCI DSS, or SOC 2, that should raise eyebrows, especially if you’re handling sensitive user information like emails, passwords, or payment data.

Finally, consider the “too good to be true” effect. Ultra-cheap hosting plans might catch your eye, but they often cut corners on security, infrastructure, or customer support. And in cybersecurity, those corners can turn into open doors for attackers.

Choosing a host should never be based on price alone. The cost of bad hosting usually shows up after it’s too late in the form of  lost data, broken trust, and hours of downtime you can’t get back.

Making the Smart Choice for Your Site’s Needs

Choosing a secure hosting solution isn’t just about checking off a list of features — it’s about finding the right fit for your website’s unique needs. That starts by thinking about what kind of site you’re running, how much traffic you expect, and what kind of data you’re handling.

A secure shared hosting plan for small blogs or portfolio sites might be enough, as long as the provider offers strong baseline protection and decent customer support. But if you’re running an e-commerce site, managing user accounts, or processing payments, your hosting environment needs to be more robust. In those cases, VPS or dedicated hosting gives you better control and insulation from neighboring websites.

Business owners often benefit from managed hosting services, especially when they don’t have a technical team. These providers handle updates, backups, and even security monitoring, letting you focus on content or product development instead of worrying about server maintenance.

It’s also smart to future-proof your decision. Your hosting needs today might look different a year from now. A good provider will offer scalable plans that can grow with your site, adding more resources and tighter security as needed.

Most importantly, your hosting choice aligns with your risk tolerance and goals. Speed, performance, and price all matter—but not at the cost of leaving your site exposed.

Conclusion

Cybersecurity isn’t just the job of software tools or IT professionals — it’s something you can influence from the ground up, starting with your web hosting. Your chosen provider and plan set the tone for your site’s safety, reliability, minimize cybersecurity threats and long-term success.

By understanding how different hosting environments work and what security features matter most, you can make decisions that protect your digital space instead of leaving it vulnerable. The right hosting choice will not just give you peace of mind—it will give your users confidence in your site, and that’s a powerful asset in today’s online world.

The post Minimize Cybersecurity Threats by Making Smart Hosting Choices appeared first on Information Security Consulting Company - VISTA InfoSec.

You’re likely familiar with the names of common malware strains such as MOUSEISLAND, Agent Tesla and TrickBot. But do you know how new malware threats get their names?

As a cybersecurity writer, I quickly add new strains to my vocabulary. But I never knew how they came to have those names in the first place. After writing numerous articles on malware, I decided to dig deep into the naming conventions to shed some light on that question. As it turns out, a name can tell you a lot about the malware itself — but it can also sow some confusion. 

Threat Group Names

First, let’s talk about the difference between group names and malware strain names since they often intertwine and sometimes impact each other. With a one-hit-wonder group or a group with no known name, occasionally, the malware shares the group name. However, in most cases, there is a unique name for both the group and the malware.

You can often learn a lot about a group from its name. Group names often reference the nation-state associated with the group, such as Bear for Russia and Panda for China. The name often reflects the group’s motivation as well. “Spider” in the name means that money motivates a group, and “Jackals” refer to hacktivists.

A Few Common Naming Conventions

Now let’s get back to the question of how malware strains themselves are named. The short answer is that strains are named in several different ways. Of course, there are always outliers that get their names in a totally different way, so these are just common examples.

Typically if a cyber criminal doesn’t name their strain themselves, a cybersecurity researcher creates the name. The primary researcher of the strain or attack will usually come up with the name, and they sometimes assign one that seems random — but there is usually a pattern or at least some loose methodology.

And yes, that has led to many issues — especially misidentification and misnaming. Without an industry-wide database that lists the official names of all strains, some strains even end up with multiple names. Because many strains turn into families, researchers and the media must use consistent naming conventions. Otherwise, these labels can cause confusion when experts most need clarity. 

6 Common Ways Malware Strains Get Their Names

1. Target of the Attack

Sometimes the simplest (and most notable) thing about a strain is what the attack is trying to disrupt. For example, the Olympic Destroyer malware got its name because it was trying to shut down the Winter Olympics systems in South Korea in 2018.

2. Computer Antivirus Research Organization (CARO) Conventions

Sometimes malware strains have both a formal name and a nickname, just like people. In many cases, we never know or use the name researchers use formally — or the one their mom uses when they’re in trouble. The CARO creates the name based on the strain’s type, platform, family, variant and suffix. Companies such as Microsoft and CrowdStrike often stick to formal names.

3. Unique Aspects of the Attack

When researchers were studying the HeartBeat malware strain, they noticed an echoing sound that mimicked a heartbeat, which coined its name. Meltdown got its name because of what the attack did: break the isolation between applications and the operating system, which opens up the network to attacks leading to a meltdown.

4. Variant of the Threat

Malware often has many strains. And since each strain can vary in significant ways, we need to be able to differentiate between them. This is when the suffix of the CARO name comes into play. The suffix also suggests how the variant is used.

5. Cyber Criminals

Sometimes the threat actors themselves name the strain when they take credit for the malware. Other times, the name is integrated into the attack, such as in the case of WannaCry. Some groups actually create logos for their strains for marketing purposes. 

6. Functionality

The action of the malware is sometimes the reason behind the name, such as Banker or Downloader. In some cases, that functionality combines with another descriptive word to distinguish it from other strains.  

Malware naming conventions can be confusing. But by understanding a bit about common origins, you get a head start on knowing about the strain from the first time you hear the name.

The post Six Common Ways That Malware Strains Get Their Names appeared first on Security Intelligence.

The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job.

Today’s modern CISO must ensure they are always prepared for the next big trend and remain ahead of adversaries.

As we begin to navigate 2023, the security landscape has transformed from a year ago, let alone a decade ago. The Russian invasion of Ukraine, emerging technologies like Web3 and AI, and new, post-pandemic ways of organizing the workforce have all led to significant shifts in the world of hacking.

In this article, we’ll look at how hacking is different in 2023, some of the key threats CISOs must contend with and some of the best defenses available.

What Does Modern Hacking Look Like?

Before we start, it’s worth noting that even the term “hacker” has undergone some evolution over the years. Once largely associated with hostile actors, many security professionals now refer to themselves as hackers. The term “white hat hacker” also exists; this refers to hackers using the same methods as cyber criminals to carry out ethical tasks like pressure-testing security systems.

So what are the concrete ways hacking has changed today compared to five, ten and even twenty years ago? There are several significant trends to highlight that look set to dominate the cybersecurity conversation in 2023.

A Lower Barrier to Entry

In the past, threat actors needed highly developed skill sets honed over many years. Hacking, especially targeting high-level organizations with valuable assets, wasn’t something just anyone could do — the bar was set high.

Today, with the emergence and growth of DIY hacking kits and services — available in places like the dark web — even fairly low-skilled cyber criminals can inflict damage and successfully commit crimes. This is concerning news because it means the pool of potential attackers is soaring.

Taking Advantage of the Shift to Remote Work

Although the COVID-19 pandemic is now receding, many effects still linger. One of the most notable is the sustained shift to remote working patterns. While more remote work options come with great employee benefits such as work-life balance and productivity, this style of working also carries inherent security risks.

With millions of companies now operating either partially or fully remote, along with escalating levels of cloud adoption, security teams have the challenging task of defending sensitive information and assets. Employees access all this data from a wide range of locations — including unsafe wireless networks and even public places.

Emerging Technologies Will Play a Greater Role

Emerging technologies like blockchain, the internet of things and artificial intelligence are expected to play a more prominent role in our lives in 2023, making them a more attractive target for attackers.

We’ve already seen a number of high-profile attacks on Web3 infrastructures, like the 2022 hacking of the Binance exchange for $570 million. Threat actors can also turn new technologies to their own advantage; for example, by harnessing AI tools to automate their attacks and quickly identify easy targets.

Bigger Targets and Heavyweight Players

The invasion of Ukraine in early 2022 sparked a new era of geopolitics, shifting the cybersecurity landscape. Russia has been targeting critical infrastructure in Ukraine with cyberattacks. As tensions between the West and its adversaries reach the highest point in decades, it’s realistic to expect more such attacks against Western targets.

CISOs at all levels must prepare for attacks by nation-state actors, which could even target assets like regional power grids.

What Will Be the Most Popular Hacking Methods of 2023?

Which techniques will malicious actors use to achieve their goals in 2023? While it’s difficult to predict, we’ll likely see a continuation of recent trends.

• Phishing. Despite  — or perhaps because of — its simplicity, phishing remains an extremely effective method for threat actors of all types. Tricking victims into sharing sensitive data, including company information, is a tried-and-tested attack vector that organizations must prepare for with widespread employee education and more robust password policies.
• DDoS attacks. Distributed Denial of Service attacks work by overwhelming the target’s servers with traffic, causing them to crash. In many cases, attackers are using cloud infrastructure to bolster their DDoS attacks.
• Ransomware. This method has been skyrocketing year over year and will probably trend upward in 2023. During an attack, malicious actors seize an organization or individual’s data, encrypt it and demand a ransom for its return. Ransomware can be devastating, leading to enormous financial losses and irreparable reputation damage.
• Targeting missing patches. Many threat actors are actively searching for security patches that organizations have failed to keep up to date. Then, they take advantage of those vulnerabilities.

What Does Defense Against Hacking Look Like in 2023?

As hacking continues to evolve, so do the methods cybersecurity teams are deploying to combat those threats.

Here are some of the key trends in defense against hacking to be aware of in 2023:

Automation and AI

AI is being harnessed by cyber criminals more and more, but when used correctly, it can also be a powerful tool for defense. AI algorithms are excellent at analyzing huge datasets and making accurate predictions about when and where attacks will take place, giving security teams a valuable advantage.

According to research by IBM, companies that use AI and automation to defend against data breaches save an average of $3.05 million compared to those that don’t — a difference of 65.2%.

Secure Cloud Assets

As cloud assets and infrastructure become increasingly popular targets, companies will focus on defending in this area. Stricter security controls, greater enforcement of access requirements and better education and coordination between teams are all excellent places to start.

Make Cybersecurity a Priority

The past few years have seen a growing trend of organizations taking a much more focused approach to cybersecurity with company-wide education policies and growing cyber spending.

As we enter 2023 and beyond, companies look certain to continue along this path, emphasizing security responsibility for everyone in the organization, not just security teams.

The post What CISOs Should Know About Hacking in 2023 appeared first on Security Intelligence.

As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses still control their own destiny when it comes to cloud security. Misconfigurations across applications, databases and policies could have stopped two-thirds of breached cloud environments observed by IBM in this year’s report.

IBM’s 2021 X-Force Cloud Security Threat Landscape Report has expanded from the 2020 report with new and more robust data, spanning Q2 2020 through Q2 2021. Data sets we used include dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and X-Force Threat Intelligence research. This expanded dataset gave us an unprecedented view across the whole technology estate to make connections for improving security. Here are some quick highlights:

• Configure it Out — Two out of three breached cloud environments studied were caused by improperly configured Application Programming Interface (APIs). X-Force incident responders also observed virtual machines with default security settings that were erroneously exposed to the Internet, including misconfigured platforms and insufficiently enforced network controls.
• Rulebreakers Lead to Compromise — X-Force Red found password and policy violations in the vast majority of cloud penetration tests conducted over the past year. The team also observed a significant growth in the severity of vulnerabilities in cloud-deployed applications, while the number of disclosed vulnerabilities in cloud-deployed applications rocketed 150% over the last five years.
• Automatic for the Cybercriminals — With nearly 30,000 compromised cloud accounts for sale at bargain prices on dark web marketplaces and Remote Desktop Protocol accounting for 70% of cloud resources for sale, cybercriminals have turnkey options to further automate their access to cloud environments.
• All Eyes on Ransomware & Cryptomining — Cryptominers and ransomware remain the top dropped malware into cloud environments, accounting for over 50% of detected system compromises, based on the data analyzed.

Download the report

Modernization Is the New Firewall

More and more businesses are recognizing the business value of hybrid cloud and distributing their data across a diverse infrastructure. In fact, the 2021 Cost of a Data Breach Report revealed that breached organizations implementing a primarily public or private cloud approach suffered approximately $1 million more in breach costs than organizations with a hybrid cloud approach.

With businesses seeking heterogeneous environments to distribute their workloads and better control where their most critical data is stored, modernization of those applications is becoming a point of control for security. The report is putting a spotlight on security policies that don’t encompass the cloud, increasing the security risks businesses are facing in disconnected environments. Here are a few examples:

• The Perfect Pivot — As enterprises struggle to monitor and detect cloud threats, cloud environments today. This has contributed to threat actors pivoting from on-premise into cloud environments, making this one of the most frequently observed infection vectors targeting cloud environments — accounting for 23% of incidents IBM responded to in 2020.
• API Exposure — Another top infection vector we identified was improperly configured assets. Two-thirds of studied incidents involved improperly configured APIs. APIs lacking authentication controls can allow anyone, including threat actors, access to potentially sensitive information. On the other side, APIs being granted access to too much data can also result in inadvertent disclosures.

Many businesses don’t have the same level of confidence and expertise when configuring security controls in cloud computing environments compared to on-premise, which leads to a fragmented and more complex security environment that is tough to manage. Organizations need to manage their distributed infrastructure as one single environment to eliminate complexity and achieve better network visibility from cloud to edge and back. By modernizing their mission critical workloads, not only will security teams achieve speedier data recovery, but they will also gain a vastly more holistic pool of insights around threats to their organization that can inform and accelerate their response.

Trust That Attackers Will Succeed & Hold the Line

Evidence is mounting every day that the perimeter has been obliterated and the findings in the report just add to that corpus of data. That is why taking a zero trust approach is growing in popularity and urgency. It removes the element of surprise and allows security teams to get ahead of any lack of preparedness to respond. By applying this framework, organizations can better protect their hybrid cloud infrastructure, enabling them to control all access to their environments and to monitor cloud activity and proper configurations. This way organizations can go on offense with their defense, uncovering risky behaviors and enforcing privacy regulation controls and least privilege access. Here’s some of the evidence derived from the report:

• Powerless Policy — Our research suggests that two-thirds of studied breaches into cloud environments would have likely been prevented by more robust hardening of systems, such as properly implementing security policies and patching.
• Lurking in the Shadows — “Shadow IT”, cloud instances or resources that have not gone through an organization’s official channels, indicate that many organizations aren’t meeting today’s baseline security standards. In fact, X-Force estimates the use of shadow IT contributed to over 50% of studied data exposures.
• Password is “admin 1” — The report illustrates X-Force Red data accumulated over the last year, revealing that the vast majority of the team’s penetration tests into various cloud environments found issues with either passwords or policy adherence.

The recycling use of these attack vectors emphasizes that threat actors are repetitively relying on human error for a way into the organization. It’s imperative that businesses and security teams operate with the assumption of compromise to hold the line.

Dark Web Flea Markets Selling Cloud Access

Cloud resources are providing an excess of corporate footholds to cyber actors, drawing attention to the tens of thousands of cloud accounts available for sale on illicit marketplaces at a bargain. The report reveals that nearly 30,000 compromised cloud accounts are on display on the dark web, with sales offers that range from a few dollars to over $15,000 (depending on geography, amount of credit on the account and level of account access) and enticing refund policies to sway buyers’ purchasing power.

But that’s not the only cloud “tool” for sale on dark web markets with our analysis highlighting that Remote Desktop Protocol (RDP) accounts for more than 70% of cloud resources for sale — a remote access method that greatly exceeds any other vector being marketed. While illicit marketplaces are the optimal shopping grounds for threat actors in need of cloud hacks, concerning us the most is a persistent pattern in which weak security controls and protocols — preventable forms of vulnerability — are repeatedly exploited for illicit access.

To read our comprehensive findings and learn about detailed actions organizations can take to protect their cloud environments, review our 2021 X-Force Cloud Security Threat Landscape here.

Want to hear from an expert? Schedule a consultation with an X-Force team member and register for our cloud security webinar to learn more.

The post X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments appeared first on Security Intelligence.

Some of the best intelligence an operator or decision-maker can obtain comes straight from the belly of the beast. That’s why dark web intelligence can be incredibly valuable to your security operations center (SOC). By leveraging this critical information, operators can gain a better understanding of the tactics, techniques and procedures (TTPs) employed by threat actors. With that knowledge in hand, decision-makers can better position themselves to protect their organizations.

This is in line with the classic teachings from Sun Tzu about knowing your enemy, and the entire passage containing that advice is particularly relevant to cybersecurity:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

Let’s translate the middle section of this passage into colloquial cybersecurity talk: You can have the best security operations center in the world with outstanding cyber hygiene, but if you aren’t feeding it the right information, you may suffer defeats — and much of that information comes from dark web intelligence.

Completing Your Threat Intelligence Picture

To be candid, if you’re not looking at the dark web, there is a big gap in your security posture. Why? Because that’s where a lot of serious action happens. To paraphrase Sir Winston Churchill, the greatest defense against a cyber menace is to attack the enemy’s operations as near as possible to the point of departure.

Now, this is not a call to get too wrapped up in the dark web. Rather, a solid approach would be to go where the nefarious acts are being discussed and planned so you can take the appropriate proactive steps to prevent an attack on your assets.

The first step is to ensure that you have a basic understanding of the dark web. One common way to communicate over the dark web involves using peer-to-peer networks on Tor and I2P (Invisible Internet Project). In short, both networks are designed to provide secure communications and hide all types of information. Yes, this is only a basic illustration of dark web communications, but if your security operations center aims to improve its capabilities in the dark web intelligence space, you must be able to explain the dark web in these simple terms for two reasons:

1. You cannot access these sites as you would any other website.
2. You’re going to have to warn your superiors what you’re up to. The dark web is an unsavory place, full of illegal content. Your decision-makers need to know what will be happening with their assets at a high level, which makes it vitally important to speak their language.

And this part is critical: If you want to get the most out of dark web intelligence, you may have to put on a mask and appear to “be one of the bad guys.” You will need to explain to your decision-makers why full-time staff might have to spend entire days as someone else. This is necessary because when you start searching for granular details related to your organization, you may have to secure the trust of malicious actors to gain entry into their circles. That’s where the truly rich intelligence is.

This could involve transacting in bitcoins or other cryptocurrencies, stumbling upon things the average person would rather not see, trying to decipher between coded language and broken language, and the typical challenges that come with putting up an act — all so you can become a trusted persona. Just like any other relationship you develop in life, this doesn’t happen overnight.

Of course, there are organizations out there that can provide their own “personas” for a fee and do the work for you. Using these services can be advantageous for small and medium businesses that may not have the resources to do all of this on their own. But the bigger your enterprise is, the more likely it becomes that you will want these capabilities in-house. In general, it’s also a characteristic of good operational security to be able to do this in-house.

Determining What Intelligence You Need

One of the most difficult challenges you will face when you decide to integrate dark web intelligence into your daily operations is figuring out what intelligence could help your organization. A good start is to cluster the information you might collect into groups. Here are some primer questions you can use to develop these groups:

• What applies to the cybersecurity world in general?
• What applies to your industry?
• What applies to your organization?
• What applies to your people?

For the first question, there are plenty of service providers who make it their business to scour the dark web and collect such information. This is an area where it may make more sense to rely on these service providers and integrate their knowledge feeds into existing ones within your security operations center. With the assistance of artificial intelligence (AI) to manage and make sense of all these data points, you can certainly create a good defensive perimeter and take remediation steps if you identify gaps in your network.

It’s the second, third and fourth clusters that may require some tailoring and additional resources. Certain service providers can provide industry-specific dark web intelligence — and you would be wise to integrate that into your workflow — but at the levels of your organization and its people, you will need to do the work on your own. Effectively, you would be doing human intelligence work on the dark web.

Why Human Operators Will Always Be Needed

No matter how far technological protections advance, when places like the dark web exist, there will always be the human element to worry about. We’re not yet at the stage where machines are deciding what to target — it’s still humans who make those decisions.

Therefore, having top-level, industrywide information feeds can be great and even necessary, but it may not be enough. You need to get into the weeds here because when malicious actors move on a specific target, that organization has to play a large role in protecting itself with specific threat intelligence. A key component of ensuring protections are in place is knowing what people are saying about you, even on the dark web.

As Sun Tzu said: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” There’s a lot of wisdom in that, even if it was said some 2,500 years ago.

The post The Case for Integrating Dark Web Intelligence Into Your Daily Operations appeared first on Security Intelligence.