In recent years, the “Dark Web” has become mainstream. In the past, this collection of forums, chat rooms, marketplaces and tools populated by cybercriminals and other types of threat actors, used to be known mainly to law enforcement agents, security professionals and fraud teams, who were responsible of protecting organizations from the threats that emanated from these circles.
The dark web is so well-known today, and is featured not only in movies and television shows, but even in Disney cartoons (“Ralph Breaks the Internet”) as a major plot device. However, the dark web hasn’t only become popular in the eyes of the general public, but in the security industry itself.
Many organizations are steadfast in their belief that dark web monitoring is a critical part of their security operations and the security industry is happy to fuel that belief. While in some cases and industries it is indeed important to monitor the dark web, where the intelligence can help shape threat mitigation strategies, what most organizations do not realize (and the security industry won’t tell them) is that it is often not the case.
To understand which industries can truly benefit from dark web monitoring we must first understand what it is – and what it isn’t.