I’ve been getting a lot of folks asking me about Dark Web monitoring as a component of their cyber stack. Is it useful? What is the best tool? How can we incorporate it in our stack?

At this point, unless your client has been stuck under a rock, they are at least vaguely familiar with ransomware attacks.

To be blunt, we all should have heard of dangers on the Dark Web at this point. I get daily email advertisements about Dark Web monitoring by companies trying to sell me on personal identity monitoring. The average consumer is getting very familiar with Dark Web monitoring, too.

That said, if sharing Dark Web results with clients is getting them engaged into thinking about their cyber hygiene, their investment in a cyber stack, or their overall security preparedness, by all means, continue sharing reports on Dark Web monitoring.

My reality: We’ve all heard about the dangers of the Dark Web at this point. You might need a fresh approach.

It’s in the 24-hour news cycle at this point. And if your client isn’t security conscious, or if the report covers compromised passwords that may be for old throwaway accounts, sharing these reports with clients and prospects may actually be hurting your ability to cut through the noise and get them to seriously think about their state of security.

What is the value?

I want you to think about what value Dark Web monitoring has for your client. And how are you delivering that value? What are they interested in knowing? Are you overpromising when promising Dark Web results?

Here are a couple of use cases our partners have for Dark Web monitoring:

Detect ransomware dump site listings—in 2020, there has been a huge increase in ransomware dump sites. Several partners are hoping to use Dark Web monitoring to help communicate and mitigate events related to large data dumps.

Stay up to date with insider threats—some partners expect their Dark Web monitoring tool to share with them chatter about vulnerability exploits. What sensitive data is being focused on? Are specific companies/client companies being named in forums as targets?

Keep clients informed on personal identity information—provide comprehensive monitoring services for clients’ key users.

Are you delivering what clients are expecting?

Whatever your reason for monitoring the Dark Web, I want you to take a step back and figure out whether you’re delivering a service your clients are expecting. I know that Dark Web monitoring may be something you are hoping to have in place to keep you sticky or help establish additional perceived value.

Is your service meeting client expectations?

On the surface, the answer is probably Yes. You are providing a list of compromised credentials or sensitive information.

But what you might want to think about—is this information enough?

I liken Dark Web monitoring to the explorers. Way back in elementary school, I vividly remember learning about Christopher Columbus and other big names that sailed ships around the world to find India.

They sailed for what might have seemed like an eternity to find new places. I believe Columbus discovered islands in the Caribbean. Others discovered a variety of places in a strange New World far west of their origins. None probably understood how their newfound discoveries fit in the context of how we understand global geography today.

But they found different ground to claim for their kingdoms.

That’s kind of how I think about Dark Web monitoring. Some explorers may be better at spotting islands. Others may, by luck, find bigger lands. But each is searching, not really knowing the extent of what is out there.

Now I understand that I am oversimplifying the problem of Dark Web Monitoring, but if you are putting your eggs into one or a couple of Dark Web monitoring solutions to get a comprehensive data set for your clients, you are probably only looking at a sliver of what is out there.

I’ve evaluated partner data with a variety of platforms (not getting into the comparisons in this post) and have found that data sets obtained on the same day with different common platforms used in MSPs produced entirely different results.

In my mind that’s like the Spanish explorers finding Cuba and the British finding Massachusetts. You’re hitting entirely different areas. The Dark Web at this point, like the world back then, is so big or anonymized that it’s too difficult for platforms to overlap on data caches.

If you are telling your clients that your monitoring service is providing them with a comprehensive evaluation of what is out in cyberspace, you may be overpromising. And if they decide to sign up for a personal identity monitoring service, they will easily see that your reports may not be showing the full picture.

Bottom line: be cautious about how you are selling your Dark Web reporting. You don’t want to make your clients feel like they are addressing everything through your searches. Communicate that these reports are meant to get them to continually think about their identity (personal and professional) and to keep reminding them of the importance of good hygiene.

You should also be communicating that Dark Web monitoring alone will NOT keep them safe.

Dark Web monitoring, in my opinion, is only ever going to be a difficult game of hide-and-seek. You are never going to see everything, and in some cases, you may not find anything of extreme importance to your users.

What are some alternatives or additional ways to get your clients thinking about cybersecurity?

Have discussions on current events—now more than ever, simply having conversations diving into and relating current cybersecurity headlines to your client networks can be more powerful than any monitoring report. Get your clients engaged and feeling comfortable with some basic security lingo. Get them educated enough to understand their risks and what is going on in current attacks. One of my professors in college used to say, “You don’t know what you don’t know”. That’s exactly how I feel about cybersecurity in most SMBs today.

Get them to start a checklist of important accounts to maintain and monitor—as you work with them to target areas of their network and cyber presence, start helping them keep track of important accounts they should be regularly monitoring. Help them understand what accounts they might want to check on regularly (and help them come up with a strategy to update accounts that may have gone stale).

Get them to see what information they are leaving vulnerable—one of the easiest ways to get clients and prospects to understand how much data their employees are leaving vulnerable is to perform penetration tests. Get them to see where their vulnerabilities lie and start having conversations around ways to protect their data.

See how your stack stacks up—feel comfortable that your stack is protecting their information. See first-hand that your tools and processes are effective at doing what you think they are doing. We offer the MSP community a free cyber stack evaluation that gets at the heart of making sure you and your team know that your tools are working.