According to research, organizations were subjected to 38% more cyberattack attempts last year than in 2021. While some industry sectors performed better than others (education and research topped the table with 43 percent more attempted attacks, while hardware vendors ranked last with 25 percent), none of the figures are encouraging, no matter what business you're in.
In reality, attempts and breaches are not synonymous. While you've probably heard from a slew of industry experts that it's "not a matter of if, but when" you'll be targeted, that's not the entire story. As the statistics show, attempted cyberattacks are unavoidable in today's world; however, an attacker's persistence and an attacker's success are two very different metrics.
Cyberattacks rarely occur "out of the great blue yonder," particularly the structured attacks such as ransomware that keep security professionals awake at night. Threat actors, like everyone else, organize themselves. They conduct due diligence, perform reconnaissance on the organizations they are targeting, and look for and frequently purchase vulnerabilities that can be used to breach a company's defenses.
This means that there are opportunities to detect malicious activity in the planning stages before an organization is attacked. Businesses can inform their cybersecurity efforts by monitoring the deep and dark web, which are used by threat actors when they are in the reconnaissance phase.
Understand your enemy
Organizations devote significant resources to bolstering their cybersecurity defenses, but they frequently have little understanding of who their attackers are and how they operate. At best, this means they are stretching their people and budgets thin by attempting to prioritize all risks at the same time. At worst, it can leave their defenses misaligned with the threats they face - the cyber equivalent of erecting walls while criminals tunnel underground.
Dark web intelligence is one method for organizations to gain a better understanding of the specific threats to their business. For example, if a company discovers that the credentials and passwords of its employees are available wholesale online, authentication becomes the obvious priority, whereas high volumes of dark web traffic to a network port would necessitate increased network security.
Sometimes the hints are not even subtle. Many aspects of a data breach have been outsourced as cybercrime has become more professional. The criminals launching a ransomware attack may not be the same gang that breached the network in the first place; they may have purchased that access from the aptly named "access brokers," who sell vulnerabilities on the dark web for others to exploit. These brokers, like anyone else who sells a product, must market it. As a result, a company that monitors the dark web for its company name, IP address, or credentials may be able to detect access to its network as it is being sold.
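The monitoring described above, matching collected listings against a company's name, IP address ranges, and credential domains, can be sketched as follows. This is an added example, not code from the original article; the watchlist values, the sample listings, and the function names are all constructed for illustration, and it assumes the listing text has already been collected by an intelligence feed.

```python
import ipaddress
import re

# Hypothetical watchlist for a fictional organization (all values constructed).
WATCHLIST = {
    "names": ["Example Widgets"],
    "domains": ["example-widgets.test"],
    "networks": [ipaddress.ip_network("203.0.113.0/24")],
}
# Constructed sample listings standing in for an already collected feed.
LISTINGS = [
    "Selling RDP access, manufacturing corp, host 203.0.113.45, domain admin",
    "Combo list 40k lines incl. j.doe@example-widgets.test:Winter2023!",
    "Fresh VPN access to EXAMPLE  WIDGETS, revenue $200M",
    "Selling access to 198.51.100.7, retail, EU",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", re.I)

def match_listing(text, watch=WATCHLIST):
    """Return a sorted list of (kind, value) watchlist hits found in one listing."""
    hits = set()
    normalized = " ".join(text.lower().split())  # fold case and repeated spaces
    for name in watch["names"]:
        if re.search(r"\b" + re.escape(name.lower()) + r"\b", normalized):
            hits.add(("name", name))
    for raw in IP_RE.findall(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:  # looks like an IP (e.g. 999.1.1.1) but is not one
            continue
        if any(addr in net for net in watch["networks"]):
            hits.add(("ip", raw))
    for domain in EMAIL_RE.findall(text):
        d = domain.lower()
        if any(d == w or d.endswith("." + w) for w in watch["domains"]):
            hits.add(("credential", d))
    return sorted(hits)

def triage(listings=LISTINGS):
    """Map the index of each matching listing to its hits."""
    return {i: h for i, text in enumerate(listings) if (h := match_listing(text))}

if __name__ == "__main__":
    for idx, hits in triage().items():
        print(idx, hits)
```

A credential hit points toward authentication as the priority and an IP hit toward network security, mirroring the prioritization described earlier in the article.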