- Organizations with a dark web exhibition are more vulnerable, warns the report
- Compromise accounts and double-risk market lists of cyber-violation
- Dark cumulative web sources increase threats to organizational cybersecurity
A study by Searchlight Cyber in collaboration with Marsh McLennan Cyber Risk Intelligence Center revealed a direct correlation between exposure to dark web and the high risks of cybersecurity.
The analysis of more than 9,000 organizations has given an overview of how the data found on the dark web considerably increases the probability of cyber attacks, in particular against companies without adequate protection.
Consequently, by monitoring exposure to dark web, companies can better understand and mitigate these risks, protect their data and reduce the chances of expensive violations.
Dark and cyber-risk web intelligence
The study analyzed the sources of intelligence on the Dark web against the loss of cyber-assurance reported from 2020 to 2023, and noted a violation rate of 3.7% over four years, suggesting that organizations with a form of ‘Exposure on the dark web presented a much higher risk of undergoing a cyber-incident.
Each of the nine sources of web dark intelligence studied, such as compromise user accounts, dark web market lists and outgoing dark web traffic, has shown statistically significant correlations with the risk of cybersecurity. The data points not only highlight the individual risk factors, but also emphasize the compound risk that emerges when several dark web sources interact.
In addition, a specific dark web activity increases the probability of cyber attacks. The presence of compromise user accounts linked to an organization has proven to increase the risk of violation by 2.56 times. The dark web market lists, when an organization or its data is mentioned, has increased the risk by 2.41 times, while traffic between the organization of an organization and the Dark Web has resulted in increased risk.
Other forms of exposure, such as the results of open source intelligence (OSINT) and leaks of paste sites, have also contributed to high risks. The results of the dough showed an 88% increase in the likelihood of an incident, while the OSINT results were correlated with an increased risk of 2.05 times. The presence of an organization data in forums, telegrams and dark web pages has also contributed to high risks, although to a slight extent.
It is also important for organizations to consider several sources of dark web intelligence together. For example, an organization identified in five high -risk categories proved to be 77% more likely to undergo a violation of cybersecurity compared to organizations without such exposure. Consequently, a combination of sources such as the results of the dough, the bone and the market lists has provided the highest indication of the cyber-risk.
Organizations are encouraged to adopt dark web monitoring practices. Organizations are also encouraged to improve cybersecurity practices to defend themselves against the risks posed by exposure on the dark web, in particular by guaranteeing solid password policies, using applications of multi-factor authenticators and Updated safety protocols to minimize the risk of compromise accounts.
In addition, getting involved in regular cybersecurity training for employees can help organizations better detect and respond to phishing attempts or other malicious activities often initiated via compromise identification information found on the Dark Web.
“The main conclusion of the analysis of Marsh McLennan is that all the data related to your organization on the Dark web is strongly correlated with your chance as a cyber attack,” noted Ben Jones, co-founder and CEO of Searchlight Cyber. “Dark web forums, hidden markets and communication channels, and the study quantified the risk of each of these dark web exhibitions for the first time.”
“If the security teams can identify their exposure on the Dark Web, they have a huge opportunity to act proactively, adjust their defenses and effectively stop attacks before being launched by cybercriminals. The first step is to gain visibility: to understand where the threat on the dark canvas comes from, from where the organization is targeted and of continuous monitoring to give itself the best chances of identifying and stopping an incident of cybersecurity. “”
