The dark web is where cybercriminals thrive anonymously, conducting illegal activities such as selling stolen information, drugs and weapons and even trafficking humans. It’s a shadowy world that seriously threatens our online security and privacy.
In this two-part bonus episode of Channel Insider: Partner POV, host Katie Bavoso interviewed Simon David Williams, CEO of ISM (Informatique Sécurité Management) Group. Williams and his team focus on protecting clients from exposure and exploitation on the dark web, taking down criminals operating there, and mitigating damage in case of a breach. He shared his journey and personal experience, starting from being a victim of cybercrime in 2017 to educating others about the dangers of the dark web.
From MSP to dark web expert: The dark experience of ISM Group
ISM was founded in 2008. The company operated as a managed service provider (MSP) and a value-added reseller (VAR) catering to the needs of small to medium-sized businesses until 2017, when it fell victim to a major cybercrime incident. This incident led to a substantial amount of information from ISM and its clients being stolen and transferred to the dark web.
“ISM was the victim of a major cybercrime, so we had a whole lot of information from ISM, and of course, as an MSP and a value-added reseller, we have access to a whole lot of systems and private information from ISM was exfiltrated outside of the business,” Williams said. “We were at risk for a certain time, so in our case, we were lucky. I mean, the information was not published anywhere, and we had control of that information, but as of now, hackers are publishing data from businesses that are being hacked.”
Williams recounted the initial shock and subsequent efforts to secure their systems and assist clients. He shared the anxiety and challenges he faced during this period. This experience led to heightened security measures and a newfound dedication to helping others navigate similar situations.
Listen to the Part 1 of the podcast:
Watch the Part 1 video:
Understanding the dark web
Williams defined the dark web and explained how it operates through the encryption and anonymity features offered by platforms like Thor. He delved into the layers of security and encryption that make the dark web attractive for those seeking anonymity online.
“The dark web guarantees encryption and being anonymous,” Williams said.
Williams emphasized the contrast between the dark and surface web, underlining the former’s appeal for secure communication and information exchange. He touched upon the diverse range of activities on the dark web, from the exchange of sensitive information to illicit transactions. He also noted that while some users leverage the dark web for legitimate purposes, such as whistleblowing or accessing censored content, it also harbors malicious actors engaged in activities like drug trafficking, hacking services, and the sale of stolen data.
Jedi Against Pirates: An ISM Group conference
Williams’s experience in 2017 led to the creation of “Jedi Against Pirates,” a conference that exposes the reality of cybercrime and the choice individuals have to be ethical or unethical on the dark web. The name suggests a battle between opposing forces: the Jedi, symbolizing those who choose the path of ethics and righteousness, and the Pirates or ‘Sith,’ representing the lawless and unethical actors operating in cyberspace.
“Jedi against Pirates is a full conference of what happened back in 2017 at ISM. It’s also a way of exposing how easy it is to be a hacker so you can easily get to be a member of a hacker group. So I present the different hacker groups that are out there. I show people in the IT community how to join them and how they work,” Williams explained.
Prevention is the best defense against the dark web
In the second part of the conversation, Williams discussed mitigating attacks after exploitation on the dark web. He also shared strategies to secure personal and business information from the dark web.
Should you be a victim of a cyberattack, Williams emphasized the importance of immediate action and understanding the legal obligations in jurisdictions like Quebec, where companies must disclose breaches.
Listen to Part 2 of the podcast:
Watch the Part 2 video:
Individual and business protection
Williams stressed the importance of multi-factor authentication (MFA) when Katie asked how individuals or businesses can keep themselves safe from being exposed or exploited on the dark web.
For individuals and businesses, MFA adds an extra layer of security beyond passwords, significantly reducing the risk of unauthorized access.
“Multi-factor authentication, it’s not 100%, but it does help a lot,” Williams said. “Everything you have access to should have MFA. It’s hard to implement that because it’s a hassle. Let’s talk about it. It’s a hassle. You receiving a notification on your phone saying yes or entering a code. But it’s very important because that’s going to maybe eliminate 90% of every hacker group out there.”
He also recommended using unique, complex passwords and monitoring credit reports for suspicious activity.
Cybersecurity insurance as another layer of security
Cybersecurity insurance was discussed as an additional layer of security for businesses. Williams noted that many insurers require specific tools in a security stack for companies to be eligible for cyber insurance coverage. The mentioned tools include MFA, extended detection and response (XDR), managed detection and response (MDR), endpoint detection and response (EDR), and third-generation firewall.
These tools are considered best cybersecurity practices and can help prevent, detect, and respond to cyberthreats.
Read More: Top MSSP Software to Best Serve Your Security Clients
Becoming a Jedi against Pirates
For those interested in becoming a Jedi rather than a Sith, Williams encouraged individuals interested in improving their cybersecurity practices to reach out to him on LinkedIn or via email for guidance, assistance, or simply to listen. He emphasized that the goal is not to gain new clients but to support the community as a team. Williams believes that by working together as a cohesive unit, individuals and businesses can make a significant impact on cybersecurity and challenge the dark forces in IT and cyberspace.
Explore the video or podcast above for a deeper understanding of Katie Bavoso and Simon David Williams’s discussion. Remember to hit the like button and subscribe for upcoming interviews with solution providers and thought leaders, alongside special episodes and opportunities!
Who else made the HSP250? Browse the whole list to find out!
