Company Information on Dark Web Correlates to Higher Cybersecurity Threat: Study
The presence of any data relating to an organization on the dark web has a high correlation to its risk of a cyberattack, compared to companies without dark web exposures, according to an analysis of cyber claims and dark web data by the Marsh McLennan Cyber Risk Intelligence Center.
“The dark web is an obfuscated part of the internet that is prolifically used by cybercriminals to communicate between one another, plan their attacks, and buy, sell, and build the tools they need to execute them,” the report explained.
The Marsh study analyzed Searchlight Cyber’s dark web dataset against a sample of more than 9,000 organizations. Of that sample, 3.7% had suffered one or more cyber insurance losses in the last four years.
The three dark web factors that correlated with the largest increases in the incidence of an organization experiencing a cyber insurance loss were:
- Compromised users, which refers to the presence of an organization’s data such as passwords, email addresses, and usernames on the dark web. Among organizations with compromised users, 4.78% had a cyber breach in the previous 12 months, compared to an incident rate of 1.87% for organizations without compromised users, a 2.56X increase, the report found.
- Dark web market listings, which are mentions of an organization or data related to the organization on a dark web market. Cybercriminals use these marketplaces to sell company data, as well as access to systems and infrastructure. Finding dark web market listings increased the incident rate of a cyber breach to 8.69% from 3.61%, a 2.41X increase.
- Outgoing dark web traffic, which means traffic originating from within the organization’s network and connecting to the dark web. This threat indicates that someone within the corporate environment is accessing the dark web, the report explained. This could be a sign of malware or a malicious insider visiting dark web sites. The incident rate for a cyber breach jumped to 5.21% from 2.47% when outgoing dark web traffic was detected, a 2.11X increase.
Multiple dark web findings further compound cybersecurity risk, according to the report. For example, companies with both compromised users and dark web market listings were 21% more likely to suffer a cybersecurity incident compared to unexposed peers. Compromised users alone increase risk by 7%, while dark web market listings by themselves make an organization 13% more likely to have an incident.
Organizations must gain visibility into their dark web exposure to understand vulnerabilities and inform defense priorities, the report recommends.
“Once visibility into threats emerging from dark webs is established, it is then critical that this exposure is continuously monitored. The dark web is anything but static; new sites emerge every day, thousands of posts are written on hacking forums, new products are bought and sold on illicit markets,” said Ben Jones, co-founder and CEO of Searchlight Cyber.
This pre-attack intelligence from the dark web provides a crucial window for security teams to act before the network is breached. By identifying exposure early, companies can take preventative action to mitigate the risk of a cybersecurity incident, Jones noted.
“Historically the insurance industry has focused on data from within an organization, such as questionnaires, along with outside-in technographic scans for determining cybersecurity risk,” observed Scott Stransky, managing director and head of the Cyber Risk Intelligence Center at Marsh McLennan.
“While this data is extremely valuable, ignoring dark web factors external to the organization’s network leaves the industry with a blind spot around who could be targeting the organizations they insure and the resources those cybercriminals possess to execute their attacks,” he said.