Director of Finance Jan-Mar 2019

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

FINAL THOUGHTS | The Dark Web

BREAK FREE FROM THE DARK WEB

Discovering your company’s financial data up for sale on the dark web is the stuff of nightmares. Don’t worry, there are still things you can do, says Phil Chambers

DARK WEB TRADING ROOMS are open 24-7. They can materialise and sell off high-value financial data, then vanish. But there are opportunities for businesses to find their stolen information and beat the criminals at their own game. If your computer system is hacked, there is a good chance

that any saleable data will find its way to dark web, where anonymous individuals pay for

illegal goods and services

using an equally anonymous cryptocurrency such as Bitcoin. That is why FDs and c-suite executives should view the dark web as a tool in their risk management and loss prevention plans, not as a ridge of despair. It helps to understand how the dark web works.

THE INVISIBLE INTERNET Released into the world by the US government, the dark web offers users complete anonymity in a world of untraceable websites. Its back rooms, chat rooms, data dumping grounds, trading spaces and marketplaces can’t be found by any publicly available search engine.

A WORLD OF WORLDS The dark web is not an exclusively criminal underworld. Alongside the stolen information, drugs, weapons and illicit content, there are whistle-blowers, activists, idlers and people who simply want a private space in which to exercise the sort of freedoms many of us take for granted.

A MARKETPLACE FOR FINANCIAL DATA Credit rating agency Equifax estimates that around 40 per cent of the illegal activity on the dark web is financial data. And a Financial Services Threat Landscape Report suggests that the volume of such data is growing by 135 per cent year on year. This highly prized data can be sold or used in phishing attacks and is a key building block in identity theſt. Where so-called hacktivists are involved, company reputation may be the primary target.

HIGH RISK OF INFECTION Companies that hunt the dark web themselves potentially expose their high-value data to malware that resists removal. If you don’t know what you’re doing, it’s best not to do it.

DISTRIBUTION CAN BE STOPPED OR DELAYED Financial data tends to be held in tightly controlled areas that can’t be accessed by bots or crawlers. Human analysts can go deep into these rooms to remove the data – although this is not always possible. They can also delay its sale by creating uncertainty about the authenticity of the information or the vendor, buying a company valuable time to act.

CLEAN FINANCIAL DATA MOVES FAST… Parts of the dark web are home to organised crime groups with clear decision-making structures and established pathways for buying hackers’ services and selling stolen goods. They oſten employ “miners” to extract information such as passwords or bank account details, hidden within data strings. Money specialists (the dark web equivalent of FDs) then find the best way to leverage this data. The National Cyber Security Centre report Cyber Crime: understanding the online business model makes sobering reading.

…BUT LAGS CAN BE AN OPPORTUNITY FOR COMPANIES TO LIMIT DAMAGE Vendors generally release taster-sized portions of data to see who “bites”. The price might be contested or competed, a buyer might get cold feet, or there could be a delay while data is cleaned or matched with information from a previous breach. Such delays are an opportunity for analysts to retrieve or neutralise stolen company data.

A MINE OF INFORMATION The dark web is a source of valuable information that can help you shape your response to a breach. Only when you know exactly what data has been stolen, can you put appropriate measures in place to contain financial losses and reputational damage and limit any fines imposed by the Information Commissioner’s Office. It’s never too late. ■

Phil Chambers is chief operating officer at Metro Communications, which specialises in IT and telecommunications services, including cyber security solutions.

34 DIRECTOR OF FINANCE DOFONLINE.COM

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36