Companies mentioned on the dark web at higher risk for cyber attacks

The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyber attack, according to Searchlight Cyber.

Dark web insights and breach correlation

Marsh McLennan Cyber Risk Intelligence Center analyzed the dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7% from 2020 to 2023 to determine whether there was a correlation between data breaches and findings on the dark web in the year before the incident.

The study found that all Searchlight’s dark web intelligence sources are correlated to increased cybersecurity risk.

The study also included a multi-variable analysis, which showed that combining multiple dark web sources provides a stronger indication of increased cyber risk. Paste Results, OSINT Results, and Dark Web Market Listings were found to be the most correlated to cyber insurance loss frequency in conjunction with other factors.

“The core finding of Marsh McLennan’s analysis is that any data related to your organization on the dark web is highly correlated with your chance of a cyber attack. Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time,” said Ben Jones, CEO of Searchlight Cyber.

“If security teams can identify their exposure on the dark web they have a huge opportunity to proactively act, adjust their defenses, and effectively stop attacks before they are launched by cybercriminals. The first step is to gain visibility: to understand where the threat on the dark web is coming from, where the organization is being targeted, and continuously monitor to give themselves the best chance of identifying and stopping a cybersecurity incident,” added Jones.

Each dark web source is individually a reliable indicator of cybersecurity risk but if an organization is missing sources there may be threats that they are unaware of. As the study shows, they will also have a less reliable view of their combined cybersecurity risk. Cybersecurity teams need to establish that they have coverage of all areas of the dark web – marketplaces, forums, paste sites, Telegram channels, and dark web sites.

Organizations require detailed insights for dark web threat mitigation

While the presence of findings in any dark web category provides organizations with a high- level overview of risk, a comprehensive assessment of the threat and the implementation of defensive measures requires a far more granular level of intelligence.

Visibility into where the organization is exposed, and knowledge of the risk associated with each of those threats, is most valuable when it is applied in prioritizing resources. All cybersecurity teams have stretched resources, which means that tough decisions need to be made on where budget, staff, and tooling can be applied most effectively. These decisions should be led by intelligence on the most likely paths to a cyber attack. Ideally, this intelligence should be specific the organization, as each business has its own uniqu cybersecurity challenges and adversaries.

A single, point-in-time analysis of an organization’s dark web exposure is insufficient for protecting an organization in the long term. As cybersecurity professionals are well aware, the threat landscape is always evolving. Cybercriminals develop new tactics, identify new points of weakness, and select new targets on a daily basis. Organizations therefore need to continuously monitor their dark web exposure for the earliest possible warning of an emerging threat.

“Historically the insurance industry has focused on data from within an organization, such as questionnaires, along with outside-in technographic scans for determining cybersecurity risk. While this data is extremely valuable, ignoring dark web factors external to the organization’s network leaves the industry with a blind spot around who could be targeting the organizations they insure and the resources those cybercriminals possess to execute their attacks,” said Scott Stransky, Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center.

“Our analysis of the dark web intelligence market found that this dataset is highly correlated with cyber insurance loss frequency and that external threat factors are correlated with cybersecurity incident frequency,” concluded Stransky.