minute read

The differences between the surface web, deep web, and dark web, as well as how to protect a company from cyber threats

In Today’s Digital World, Three Words are Guaranteed to Sow Fear and Confusion: the Dark Web.

It’s the domain of everything from illicit drugs and weapons dealing, to stolen government data and sophisticated cyberattacks. These shadowy corners of the internet contain society’s deepest darkest fears; they may be out of sight but their risks are ever-present.

One aspect of that mission is to demystify the dark web for agency employees and offer a variety of data breach responses, including:

  • Monitoring dark web access attempts
  • Preventing dark web browser downloads
  • Educating personnel to recognize risks and threats
  • Dark web monitoring for breaches and unauthorized disclosures

It’s important to understand that ordinary government users won’t accidentally stumble onto the dark web. Government devices block dark web URLs, but personnel can still access this realm using personal devices if they take specific steps. Even if they don’t intentionally enter the dark web, they are not immune to its threats.

The Three Levels of the Internet

There is much more to the internet than what you find in a Google search. Let’s unpack the three layers that make up the modern web.

The Surface Web

This is the internet as most people experience it today: open, fast, and accessible to anyone with a browser and an internet connection. Major corporations like Google, Facebook, and others serve as gateways to the surface web. Although it seems like the entire internet, the surface web actually accounts for only 4% of it, according to a post from TechJury.

The Deep Web

Also known as the invisible web, the deep web is a crucial but often misunderstood part of the internet. This part of the internet isn’t indexed by search engines, and represents a more secure layer of the internet. Examples include bank account details, healthcare records, email accounts, and file sharing apps. All of this is private information that you don’t want other people to be able to search for but is vital for the functionality of the web.

The Dark Web

This hidden part of the internet harbors most of the illegal activity. To access it, you need a special browser, called a Tor browser. There are no .com addresses on the dark web, instead, most websites use URLs that end in .onion. But once you’re inside, it functions much like the ordinary internet. Despite its murky reputation, the dark web also serves legitimate purposes. It was originally developed by the U.S. Navy for secure communications and is used by pro-democracy activists and journalists.

Studies of the dark web reveal:

  • 59% of listings are for illicit drugs
  • 17% are comprised of fraud and counterfeit listings

Safeguarding Your Agency and its Employees

Understanding the risks and taking proactive steps ahead of time is key to thwarting dark web access. Here are three important strategies you can deploy.


By far the most important thing you can do is educate your workforce about internet dangers, using real life case studies. The more they know and understand, the better the chances are that they will recognize a threat before it becomes a problem. 

88% of cyber incidents are due to human error. More often than not, people are unaware they are engaging in risky behavior online.

Government employees who want to speak out on an issue also need to be aware of the proper government channels that exist to effectively process any complaints, and protect their identity.

To learn more about how an employees digital footprint can put the entire organization at risk, take a look at this handy infographic.

Encourage Digital Hygiene

All too often, bad actors from the dark web find loopholes they can exploit through employee negligence.

People lose personal devices or leave them unattended in public spaces; employees resign and forget they have access details to their old companies, use simple passwords, leave documents unattended on unsecured printers – there are countless ways for vulnerabilities to creep into the system.

Creating a culture of good digital hygiene in the age of remote work is one of the most important pieces of the puzzle for your agency.

Best practices surrounding safe browsing, and handling sensitive information should be key components of a security-minded culture. 

Know How to React When a Breach Occurs

The first few moments after a breach is detected are vital. Make sure that you have a Pre-Breach Incident Response Plan in place so everyone knows how to react when there is a data breach. Do you know what’s been compromised? Who is in charge? Are you shutting down operations or not? What do you tell the public?

These questions need to be answered and understood by your team so that you’re not making up a response on the fly when a cyberattack occurs.

Communication and orchestration are key components of breach response. The seamless flow from identification, containment, eradication and recovery reduces reputational and compliance risks and preserves public confidence.

Remote Work Has Made Hacking Easier

With the growth of remote work, federal employees often operate outside an agency firewall, making them, along with their employers, more vulnerable to cyber threats. The ZeroFox Dark Web Monitoring proactively searches the internet and dark web for compromised personal information.
In this era of frequent data breaches, protecting personal identity is vital. If you’re ready to commit to digital privacy protection, reach out to one of our experts today.

CTA for Hitchhiker's Guide to the Dark Web