WHEN a person thinks of cyber security, they often think of antivirus software and phishing attacks, with data stolen from the outright.

But attacks have become more sophisticated, which is one reason cybersecurity firm Bondgate IT has made dark web monitoring non-negotiable for customers.

"Technology is no longer a cost, it's a necessity. If you only have an antivirus, you may as well not have anything," said Bondgate IT's managing director Garry Brown.

The dark web is a part of the internet that is not indexed by search engines and needs specific software to access, making it widely inaccessible to the general public.

This provides anonymous, highly secure ways to communication for the likes of human rights activists and journalists, but this also makes it a hotspot for criminal activity.

Dark web monitoring is a way to gather intelligence using key words. For example, by searching for a specific email domain, Mr Brown can see how many email addresses and passwords from that firm are up for sale.

Keeping on the forefront of industry trends since it began in 1998, the Darlington company uses an automated tool to constantly scan this shadow web for client details.

Mr Brown says hacks are often a result of third party breaches, where personal information likes names and passwords are accessed by criminals.

He said: "Humans often cause their own problems - we use the same password or a variation of it across accounts, including email and banking.

"Once they have access to your inbox, they can see who you're talking to, your sent emails, they can request password changes and access the likes of Amazon and your card details."

"Criminals buying and selling credentials online could have sat on the data for some time, with the breach being unknown by the victim. This makes it easy for hackers to access email accounts and silently monitor communications before impersonating them."

For example, with access to a managing director's email, a criminal may send an email to the finance director asking money to be sent for a new contract.

Mr Brown added: "It will come from the right email, sound like the right person and won't be out of the ordinary. The finance lead will go ahead and do it, but will be giving away millions to the criminal without anyone realising."

Business can now get insured against hacks, Mr Brown says, emphasising the scale of the problem.

He said: "What is the value of your company's data?

"This is something people don't know about, like what difference does it make to me? But businesses should want to know if their information is on sale.

"I would hope it doesn't happen, but if it does, the impact is too large. "

If data is flagged on the dark web, a password change will mitigate risks.

The boss added that dark web monitoring should be used as part of a multi-layered cybersecurity strategy.

Other personal information is also sold on the dark web, such as driving licence and national insurance numbers, which can be used for identity fraud.