Denial, bargaining, acceptance: reactions to corporate data compromised on the Darknet
At the annual Cyber Security Weekend – META 2023, the details of Kaspersky’s recent initiative on Darknet incidents monitoring were revealed. When detecting a cybersecurity incident related to corporate data compromised on the Dark web, whether it be sale of a database, infrastructure compromise or ransomware, the victim company was notified about this threat by Kaspersky team.
Kaspersky initiative implied that only critical incidents were reported to the victim companies, so fakes, public or generic data was not considered an incident to report. Only recent critical and time-sensitive incidents were taken into account – those that require immediate action from the victim organization. The monitoring was carried out on Darkweb forums and blogs that are available for free. Compromised data was not verified in any way to avoid unauthorized access to victim companies’ infrastructure. In total, 258 companies globally, including 35 companies from META region, received incident reports within the initiative.
Among the leading industries by the number of reported incidents globally were banking, service industries, manufacturing, government and energy. As for the META region, government sector was leading in terms of number of incidents reported, followed by telecom and banking sector.
The results of the initiative revealed that 42% of the companies don’t even have a single point of contact for cyber incidents, there is no dedicated manager or team responsible for solving problems connected with cybersecurity; no internal procedure or instructions are in place. Nearly a third of the companies (28%) did not react to the information about cyber incident or said that they did not care. 2% of the companies that received information about a cyber incident simply denied the fact it had happened even though such an approach can potentially harm business processes or lead to penalties due to GDPR regulations. Ignoring cyber incidents may break partners’ and clients’ trust, ruin the reputation and even lead to financial losses for business.
Nevertheless, 22% of companies that had been notified of cyber incidents reacted in a proper way by confirming and accepting the information, meaning that they assess the risks realistically and aim at solving the problem. On top of that, 6% of companies that reported incidents on the Darknet indicated that they are already aware of the incident. It means that they don’t just investigate the incident and know how to deal with it, but they have the right approach to monitoring and detection.
“The results of our initiative about how companies react to the fact that their data is compromised on the Darknet are rather discouraging: reactions of only a third (27%) of the companies can be called adequate to the situation, while the rest are stuck in a firestorm of emotions – from ignorance to denial and helplessness,” comments Yuliya Novikova, Head of Digital Footprint Intelligence. “While Darknet monitoring seemed to be complicated previously, currently the situation is changing. Darkweb monitoring should be considered a threat intelligence data source for cybersecurity staff – CTI analysts, SOC analysts, and others. It will allow to immediately react on security incidents such as offers on selling access to the company or data leakages and help to prevent data breaches. Digital Footprint Intelligence introduced within the Kaspersky Threat Intelligence portal provides access to insights from a range of validated sources worldwide, allowing companies to mitigate the impact of cyberattacks and identify potential threats before they become incidents.”