In an era where cybercriminals are more sophisticated than ever, and attacks are becoming more commonplace by the day, the market for stolen data on the dark web has become a truly lucrative trade. Recent years have seen the spoils of many cyberattacks end up for sale on underground marketplaces.

For instance, the recent attack on the European Medicines Agency (EMA) saw confidential information on the Pfizer COVID-19 vaccine was leaked across several hacking forums. The fact that billions of private records are changing hands poses a threat to businesses everywhere.

The dark web is the term used for web content that exists on darknets: networks that require specific software or authorisation to access. Through the dark web, users can communicate anonymously without divulging identifying information. While not all activity on the dark web is illegal, it is often the preferred forum for criminals.

Ultimately, the variety of threats that businesses could face from the dark web is endless. Essentially, criminals are after anything that can be traded for profit - usernames, passwords, credit card details, intellectual property, bank details, or employee information. The criminals will then leverage this data for financial gain. While it's hard to give concrete figures on the price data will fetch on the dark web, recent examples include the aftermath of 2018's British Airways hack, where stolen logins sold for as little as £7.

When factoring this is in with the fact that it takes on average nine months to discover a breach, the risks become even clearer. Unfortunately, once the data is out there, there's not a great deal to be done to get it back. Therefore, the main mode of defence for any organisation is to prevent these breaches happening in the first place. Businesses need to zero in on ensuring they have a layered cybersecurity posture. The idea behind this is simple: The more barriers are placed in front of criminals, the better the chances to prevent them stealing data. By looking at cybersecurity in this way, companies can build an extremely robust line of defence.

This will not only require a blend of the best technology available, such as strong identification and authorisation, sandboxing, SSL encryption, and cloud application security, but indeed also a consistent emphasis on employee education. Even with the finest technology in the world, if workers are not wise to the nature of threats, a simple phishing attack could expose all your data.

Ultimately, combining this approach with a top-down focus on ensuring that best practices are being adhered to is the best way to prevent sensitive data falling into the wrong hands.