Many businesses are woefully unprepared for having their sensitive data leak on the dark web, a new report from cybersecurity researchers Kaspersky has claimed.
As per Kaspersky’s report, which analyzed a host of leaks and connected with the affected organizations last year, the company discovered sensitive data, belonging to 258 companies worldwide, leaking all over the web. The data was being sold to the highest bidder and often included access to company systems and endpoints, access to compromised accounts, and similar.
Kaspersky tried to contact these organizations and warn them about the risks, including penalties, financial losses, and a loss of trust, particularly among European businesses that are subjected to strict GDPR regulations.
That is where the researchers discovered how unprepared the firms are – 42% did not have a dedicated point of contact (POC) for cyber incidents. With such events, it is paramount that businesses react fast, and without a dedicated POC, they’re losing precious time. Furthermore, more than a quarter (28%) showed indifference to the fact that their data was being shared with malicious third parties online, while 2% denied being breached and having data stolen in the first place.
But it’s not all doom and gloom – some organizations did well, Kaspersky further claimed. Almost a quarter (22%) acted “appropriately”, the researchers said, acknowledging the information and addressing the risks. Another 6% knew of the incidents even before Kaspersky.
Data theft is one of the most popular forms of cybercrime these days. Ransomware operators almost always steal the data before encrypting the systems, and then demand payment in exchange for the decryption key and for not leaking the data on the dark web. In more recent times, some threat actors even abandoned encrypting systems altogether, focusing entirely on stealing data.
Researchers are saying it’s cheaper, as it doesn’t require software maintenance, while being equally lucrative.