Dive Brief:
- Any data relating to a company on the dark web significantly increases that organization’s risk of suffering a cyberattack, a study by Marsh McLennan’s Cyber Risk Intelligence Center found.
- Organizations that are mentioned in dark web market listings or that have compromised accounts on the dark web are more than twice as likely to experience an attack, according to a report on the findings released Monday.
- “Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time,” Ben Jones, CEO of dark web intelligence firm Searchlight Cyber, which collaborated with Marsh McLennan, said in a press release.
Dive Insight:
Cybercriminals use the dark web to communicate among one another, plan their attacks, and buy, sell, and build the tools they need to execute them, according to the Marsh McLennan report.
Dark web intelligence is “highly correlated” with forthcoming cyber incidents, as well as cyber insurance loss frequency, the research found.
“The first step has to be to gain visibility into your exposure on the dark web,” the report said. “Understanding where the organization is vulnerable is critical for informing defense and the value of pre-attack intelligence is that it creates an invaluable window of time for the security team to act before the network is breached.”
Marsh McLennan analyzed Searchlight’s dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7% from 2020 to 2023 to determine whether there was a correlation between data breaches and findings on the dark web in the year before the incident.
The first of half of 2024 saw 1,571 data compromises, a 14% increase compared to the year-earlier period, according to an analysis by the Identity Theft Resource Center, a nonprofit organization established to support victims of identity crime.
In one high-profile example, AT&T in late March disclosed a massive data security breach impacting as many as 73 million current and former customers. The company said it determined that “data-specific fields” from the company were contained in a data set released on the dark web.
The compromised data varied by customer and account, but may have included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, and AT&T account numbers and passcodes, according to a set of frequently asked questions published by the company at the time.
The incident triggered a flurry of proposed class action lawsuits. In June, the Judicial Panel on Multidistrict Litigation issued an order that consolidated the cases in the U.S. District Court for the Northern District of Texas.
Nearly half of U.S. businesses have suffered significant revenue loss due to a data security incident, according to survey results published last month by data protection company Arcserve.