Many companies aren't prepared for darknet data leaks

News
By Sead Fadilpašić
published

Firms are showing indifference and lacking points of contact

How to prevent cyberattacks
(Image credit: Unsplash)

Many businesses are woefully unprepared for having their sensitive data leak on the dark web, a new report from cybersecurity researchers Kaspersky has claimed.

As per Kaspersky’s report, which analyzed a host of leaks and connected with the affected organizations last year, the company discovered sensitive data, belonging to 258 companies worldwide, leaking all over the web. The data was being sold to the highest bidder and often included access to company systems and endpoints, access to compromised accounts, and similar.

Kaspersky tried to contact these organizations and warn them about the risks, including penalties, financial losses, and a loss of trust, particularly among European businesses that are subjected to strict GDPR regulations.

Appropriate reactions

That is where the researchers discovered how unprepared the firms are - 42% did not have a dedicated point of contact (POC) for cyber incidents. With such events, it is paramount that businesses react fast, and without a dedicated POC, they’re losing precious time. Furthermore, more than a quarter (28%) showed indifference to the fact that their data was being shared with malicious third parties online, while 2% denied being breached and having data stolen in the first place.

But it’s not all doom and gloom - some organizations did well, Kaspersky further claimed. Almost a quarter (22%) acted “appropriately”, the researchers said, acknowledging the information and addressing the risks. Another 6% knew of the incidents even before Kaspersky.

Read more

> Atlassian is being actively exploited to compromise corporate networks

> Atlassian is suffering a whole bunch of awful security issues

> These are the best firewalls right now

Data theft is one of the most popular forms of cybercrime these days. Ransomware operators almost always steal the data before encrypting the systems, and then demand payment in exchange for the decryption key and for not leaking the data on the dark web. In more recent times, some threat actors even abandoned encrypting systems altogether, focusing entirely on stealing data. 

Researchers are saying it’s cheaper, as it doesn’t require software maintenance, while being equally lucrative.

Via: Infosecurity Magazine

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.