Lessons from the Deep Web that could lead to a more secure IoT
We've only touched the tip of the iceberg when it comes to the 'surface web' but there's even more to uncover if we dig into the Deep Web.
As big as the Internet sometimes feels – with its endlessly multiplying number of sites, blogs and new applications – what most of us experience is literally the tip of the digital iceberg, the majority of which is comprised of the Deep Web.
Search engines like Google are so efficient it’s easy to overlook the enormous volume of content they fail to index. In fact, experts describe the Deep Web as the largest-growing category of new information on the Internet, with a whopping 400 to 550 times more public information than the “surface Web,” or the areas we surf and browse when we go online.
Unfortunately, the invisible nature of the Deep Web has made it a playground for nefarious activity including data theft, fraud and other cyber-criminal activity is flourishing. As the world becomes more connected than ever before via the Internet of Things (IoT), we have an opportunity to learn from the Deep Web about the steps all organizations should collectively take to mitigate the worst of the risks.
As a data scientist, what fascinates me about the Deep Web is not only the volume of information but the rules of engagement among those who lurk there. It’s a world marked by a surprising level of collaboration, where those who steal credit card numbers, for example, are discussing it in clandestine chat rooms and others work together to create botnets that can control 100,000 PCs.
Today, the US government (via DARPA) is combating these kinds of activities by creating the ‘Memex’ search engine to get better visibility into the Deep Web. Unlike traditional search engines that are built as a “one size fits all,” Memex searches out specific pieces of information related to things such as human trafficking and slavery.
At the same time, however, another explosion of information may complicate matters further, as everyday objects start transmitting and receiving information over IP. Even if the IoT manages to offer us “smart homes” with appliances that alert us before they need to be replenished or repaired, they open up their own areas of vulnerability, too.
Data science will help here, obviously — as the IoT evolves, we can learn a lot more about what kind of information we truly need to collect and manage, and to do it more securely. Yet the slew of IoT platforms, apps and devices will require precise information that can be easily located and shared. Otherwise, it could become nearly as impenetrable as the Deep Web itself.
There are several ways we can learn from the Deep Web to keep the IoT as safe as possible. For instance, collaboration shouldn’t only be a best practice for cyber-criminals. As understandably difficult as it is for financial institutions and other organizations to share device IDs and other potentially sensitive information, it is only by working better together that we will not only react to security issues but prevent them before they happen.
In fact, sharing data to combat a common enemy is what makes analytics so powerful. Let’s say a fraudster has taken over my credit card and financial details, and my PC as well. He or she still doesn’t know my behavior. Even if the fraudster is able to anonymize the IP address, they might not use the same browser, or make the same kind of purchases as I’ve made in the past. Behavior analytics can flag those sorts of things, but these are solutions that are going to depend on the level of data you can feed to them and how much collaboration exists to support that.
The Deep Web should also teach organizations pursuing the IoT that, rather than seek out difficult solutions, look for simpler solutions. There is a lot of information passing through devices amid digital transactions today you would think are not very useful, but they are. This could include the system offset in terms of the time a transaction takes place, or the default language in the laptop used to make it. These clues help build a picture that will help us distinguish fraud from legitimate activities.
The time to start building in safeguards for the IoT has already begun. If you thought traditional IT security was a challenge, it’s a lot like the Deep Web – we’ve only really scratched the surface.