The dark web is a We realized that although people have heard about the dark web, not many are actually aware of what it is, how it can be accessed, who usually accesses it and what actually goes on there. The truth is that dark web activities affect us more than ever in this digital age, and businesses especially have much to lose. We embarked on this project to shed light on the direct and indirect risks of the dark web and why people need to have a strategy to counter the threats emanating from the unknown depths of the
The heart of the project was a survey of 100 Malaysian IT professionals that gave us deep insight into their understanding of the dark web, their companies own use of the deep or dark web and their appreciation of the dangers that dark web can pose.
The survey results were analysed and written into a e-book download which was made freely available from our cybersecurity news portal. Malaysia’s government body for cybersecurity “Cybersecurity Malaysia” also requested we shared anonymised raw survey data with them for their own increased understanding and also promoted our findings.
The survey’s findings were considered important enough to share in more detail directly with a number of senior Cyber Security officers from a group of some of Malaysia’s largest finance companies. Together with commercial sponsor Ingram Micro, we funded a live event where these findings were published.
Our aim with the entire project was to make more businesses aware of the threats of the dark web and more importantly to understand that private and confidential data from their own companies may very likely be “out there” on the dark web without their knowledge.
In era where cybercrime, legal compliance and online reputation being cognisant of this fact is vital for every business. with thi sin mind one of the most compelling impacts the project had was the number of large Malaysian companies (over 30) who as a direct result of this work, went out and secured services to scan check their own dark web exposure.
Whilst most kept the results of these assessments private, three companies who have asked to remain anonymous allowed us to view the results of their dark web assessments. In all three cases live and current data including user names and passwords were discovered on the dark web.
The survey was conducted using “old fashioned” telephone-based interviews.
We specialise in highly targetted IT news portals. Our oldest title is “data & storage asean”. This specific campaign revolved around one of our newer news portals “cybersecurity asean”.
By running a highly targetted portal that focuses on a very niche subject (cybersecurity) we have been able to build a database of cybersecurity officers and administrators who work across the south-east Asian region. We were able to tap into this subscriber data to profile our targeted set of “subjects” for the survey interview.
We designed the survey questions, using statistically proven questioning methodology and captured the interview answers using google forms. All telephone interview surveys were also recorded.
The results were analyses using Microsoft BI and visualisations/infographics of the results were created using piktochart.
We have developed our own download engine (aopgdownloads.com) which captures and stores details of every document downloaded from any of our news portals. This was used to capture data on who downloaded the survey write up. This was used for impact analysis, with built-in follow-up questions we were able to identify people/companies that acted on what they read such as arranging a dark web assessment.
In order to actually delve into the dark web and find stolen private data we worked in partnership with Ingram Micro and CyberInt, the latter providing the dark web scanning technology the former providing the expertise to run the scans.
What was the hardest part of this project?
There are three areas which make this project particularly hard to undertake.
The first is credibility and trust. Companies and IT security officers do not like to share details that could compromise their own security. They are always naturally sceptical about sharing any information about their own company’s security and data privacy. Our publication has developed a reputation for not being tempted to sensationalise cybersecurity news. We are known for reporting, informing and educating about cybersecurity issues. This enabled us to gain trust when conducting survey interviews, it also enabled our journalists to convince a number of companies to share the results of their dark web security scans with us.
The second was acquiring high-quality data. Our project did not collect large amounts of data, rather we collected deep insights from a highly select group. being able to identify and approach senior IT Security Officers in large Malaysian enterprises requires the ability to have the database available (which have through our subscriber base) and then being able to assess the correct people to approach and interview.
The third was securing the correct partners to make the project possible. Having support from the Malaysian government agency for cybersecurity and then bringing in the companies with the skills to help us navigate dark web issues and the dark web itself was critical but required credible approaches and convincing to get the right supporting organisations behind us.
What can others learn from this project?
The information we collated and produced in the report is in itself a valuable learning resource for literally anyone. We all need to understand what the dark web is and how it can be used. Whilst many of us will never “surf” the dark web, understanding how it is used against us, in itself makes people more cyber aware.
In terms of the project itself, its a demonstration of how a small newsroom needs to use multiple platforms to spread the content we produce. We focus on digital, but this project deployed telephone canvassing as well as face to face event to drive the content we created into the hands of the people we wanted to direct it to. Further by teaming with a government agency we were able to syndicate the content wider than over our own web platform alone.
The most valuable lesson is for other “small newsrooms”. To be relevant and “punch above our weight” we need to achieve domain expertise. As a small newsroom, it’s almost impossible to compete with the big news publishers if we try to go wide. But by being very focused on the news we cover and maintaining highly focused news portals (e.g. cybersecurityasean.com) we are able to do more than compete. We develop core expertise that the larger news agencies cannot rival. In the area of cybersecurity we are more credible than our bigger rivals. By focusing on this core competency we were able to hinge together this project, be taken very seriously and deliver compelling content that educated and informed our target audience in a way a larger more genralist newsroom would not be able to do