How Corporate Responds To Compromised Dark Net Data
The annual Cyber Security Weekend – META 2023 revealed the details of Kaspersky’s initiative on Darknet incidents monitoring. One thing the victim companies have in common is that they are notified about the cybersecurity incident related to corporate data compromised on the Dark web. This could take the form of the sale of a database, infrastructure compromise or ransomware.
Only critical responses were highlighted so fakes, public or generic data was not considered incidences worthy of a report. Only recent critical and time-sensitive incidents were taken into account – those that required immediate action from the victim organisation.
The monitoring was carried out on freely available Darkweb forums and blogs. Compromised data was not verified in any way to avoid unauthorised access to victim companies’ infrastructure. In total, 258 companies globally, including 35 companies from the META region, received incident reports within the initiative.
Among the leading industries by the number of reported incidents globally were banking, service industries, manufacturing, government and energy. As for the META region, the government sector was leading in terms of the number of incidents reported, followed by the telecom sector and the banking sector.
The results of the initiative revealed 42 per cent of the companies don’t even have a single point of contact for cyber incidents, no dedicated manager or team responsible for solving problems connected with cybersecurity; no internal procedures or instructions are in place. Nearly a third of the companies (28 per cent) did not react to the information about cyber incidents or said that they did not care. 2 per cent of the companies that received information about a cyber incident simply denied the fact it had happened even though such an approach can potentially harm business processes or lead to penalties due to GDPR regulations. Ignoring cyber incidents may break partners’ and clients’ trust, ruin their reputations, and even lead to financial losses for the business.
About 22 per cent of notified companies reacted by confirming and accepting the information, assessing the risks realistically and aiming at solving the problem. On top of that, 6 per cent of companies that reported incidents on the Darknet indicated they are already aware of the incident. It means that they don’t just investigate the incident and know how to deal with it, but they have the right approach to monitoring and detection.
“The results of our initiative about how companies react to the fact that their data is compromised on the Darknet are rather discouraging: reactions of only a third (27 per cent) of the companies can be called adequate to the situation, while the rest are stuck in a firestorm of emotions – from ignorance to denial and helplessness,” comments Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky.
“While Darknet monitoring seemed to be complicated previously, currently the situation is changing. Dark web monitoring should be considered a threat intelligence data source for cybersecurity staff – CTI analysts, SOC analysts, and others. It will allow us to immediately react to security incidents such as offers on selling access to the company or data leakages and help to prevent data breaches. Digital Footprint Intelligence introduced within the Kaspersky Threat Intelligence portal provides access to insights from a range of validated sources worldwide, allowing companies to mitigate the impact of cyberattacks and identify potential threats before they become incidents,” he concluded.