Research Exposes Cybersecurity Industry’s Vulnerabilities On The Dark Web
Tuesday, September 8, 2020
Of the 398 cybersecurity companies tested, only those in Switzerland, Portugal and Italy did not suffer any high or critical risk incidents, while those in Belgium, Portugal and France had the lowest number of verified incidents.
Ilia Kolochenko, CEO & Founder of ImmuniWeb, commented on the research:
“Today, cybercriminals endeavor to maximize their profits and minimize their risks of being apprehended by targeting trusted third parties instead of going after the ultimate victims. For instance, large financial institutions commonly have formidable technical, forensic and legal resources to timely detect, investigate and vigorously prosecute most of the intrusions, often successfully. Contrariwise, their third parties, ranging from law firms to IT companies, usually lack internal expertise and budget required to react quickly to the growing spectrum of targeted attacks and APTs. Eventually, they become low-hanging fruit for pragmatic attackers who also enjoy virtual impunity. In 2020, one need not spend on costly 0days but rather find several unprotected third parties with privileged access to the ‘Crown Jewels’ and swiftly crack the weakest link.
“Holistic visibility and inventory of your data, IT and digital assets is essential for any cybersecurity and compliance program today. Modern technologies, such as Machine Learning and AI, can significantly simplify and accelerate a considerable number of laborious tasks spanning from anomaly detection to false positive reduction. This picture is, however, to be complemented with a continuous monitoring of Deep and Dark Web, and countless resources in the Surface Web, including public code repositories and paste websites. You cannot protect your organization in isolation from the surrounding landscape that will likely even more intricate in the near future.” Read Full Article
The Daily Swig: Majority of top cybersecurity organizations have leaked data on dark web – report
Infosecurity Magazine: Cybersecurity Companies Expose Sensitive Data Online