By - Organizations with dark web exposure are more vulnerable, report warns
- Compromised accounts and market listings double cyber breach risks
- Cumulative dark web sources elevate organizational cybersecurity threats
A study by Searchlight Cyber in collaboration with Marsh McLennan Cyber Risk Intelligence Center has revealed a direct correlation between dark web exposure and elevated cybersecurity risks.
The analysis of over 9,000 organizations provided insight into how data found on the dark web significantly increases the likelihood of cyberattacks, especially against businesses without adequate protection.
Therefore, by monitoring dark web exposure, businesses can better understand and mitigate these risks, protecting their data and reducing the chances of costly breaches.
Dark web intelligence and cyber risks
The study analyzed dark web intelligence sources against the cyber insurance losses reported from 2020 to 2023, and found a breach rate of 3.7% over four years, suggesting organizations with any form of dark web exposure were at much higher risk of experiencing a cyber incident.
Each of the nine dark web intelligence sources studied, such as compromised user accounts, dark web market listings, and outgoing dark web traffic, showed statistically significant correlations with cybersecurity risk. The data points not only highlight individual risk factors but also emphasize the compounded risk that emerges when multiple dark web sources interact.
Furthermore, specific dark web activity increases the likelihood of cyberattacks. The presence of compromised user accounts linked to an organization was found to raise the risk of a breach by 2.56 times. Dark web market listings, where an organization or its data is mentioned, heightened the risk by 2.41 times, while traffic between an organization’s network and the dark web resulted in a 2.11 times increased risk.
Other forms of exposure, such as open-source intelligence (OSINT) results and paste site leaks, also contributed to elevated risks. Paste results showed an 88% increase in the likelihood of an incident, while OSINT results correlated with a 2.05 times increased risk. The presence of an organization’s data in forums, Telegram chats, and dark web pages also contributed to the elevated risks, although to a slightly lesser extent.
It is also important for organizations to consider multiple dark web intelligence sources together. For example, an organization identified across five high-risk categories was found to be 77% more likely to suffer a cybersecurity breach compared to organizations without such exposure. Therefore, a combination of sources such as paste results, OSINT, and market listings provided the strongest indication of cyber risk.
Organizations are encouraged to therefore adopt dark web monitoring practices. Organizations are also encouraged to enhance cybersecurity practices to defend against the risks posed by dark web exposure, including ensuring strong password policies, using multi-factor authenticator apps, and maintaining up-to-date security protocols to minimize the risk of compromised accounts.
Furthermore, engaging in regular cybersecurity training for employees can help organizations better detect and respond to phishing attempts or other malicious activities often initiated via compromised credentials found on the dark web.
“The core finding of Marsh McLennan’s analysis is that any data related to your organization on the dark web is highly correlated with your chance of a cyberattack,” noted Ben Jones, Co-Founder and CEO of Searchlight Cyber. “Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time.”
“If security teams can identify their exposure on the dark web they have a huge opportunity to proactively act, adjust their defenses, and effectively stop attacks before they are launched by cybercriminals. The first step is to gain visibility: to understand where the threat on the dark web is coming from, where the organization is being targeted, and continuously monitor to give themselves the best chance of identifying and stopping a cybersecurity incident.”
