/cdn.vox-cdn.com/uploads/chorus_asset/file/24016885/STK093_Google_04.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24808816/Starfield__The_Settled_Systems___Supra_Et_Ultra_____Starfield__The_Settled_Systems___Supra_Et_Ultra_2023_7_25_94252.263_1440p_streamshot.png)
A new report from cyber security researcher Kaspersky claims that many businesses are woefully unprepared for their sensitive data leaks on the dark web.
According to the Kaspersky report, which analyzed multiple leaks and linked them to organizations affected last year, the company found sensitive data belonging to 258 companies around the world being leaked across the web. The data was being sold to the highest bidder and often included access to company systems and endpoints, access to compromised accounts, and so on.
Kaspersky tried to contact these organizations and warned them of the risks, which include fines, financial loss and loss of trust, especially among European businesses that are subject to strict GDPR regulations.
appropriate responses
This is where the researchers discovered how unprepared companies were – 42% did not have a dedicated point of contact (PoC) for cyber incidents. With such incidents, it is paramount that businesses react fast, and without a dedicated PoC, they are losing precious time. Furthermore, more than a quarter (28%) showed apathy to the fact that their data was being shared with malicious third parties online, while 2% denied having been breached and data stolen in the first place.
But it’s not all doom and gloom — some organizations fared well, Kaspersky further claimed. Nearly a quarter (22%) had acted “reasonably”, the researchers said, acknowledging the information and addressing the risks. Another 6% were already aware of the events before Kaspersky.
Data theft is one of the most popular forms of cyber crime these days. Ransomware operators almost always steal data before encrypting the system, and then demand payment in exchange for the decryption key and for not leaking the data to the dark web. In recent times, some threat actors have abandoned encrypting systems altogether and focused entirely on stealing data.
Researchers are saying it is cheaper, as it requires no software maintenance, while being just as attractive.
Via: Infosecurity Magazine
