A new report by the Kaspersky Digital Footprint Intelligence team has revealed that several companies worldwide are severely unprepared when dealing with darknet data leaks.
The initiative, carried out in 2022, tracked dark web posts offering access to companies, compromised accounts and other critical incidents. Kaspersky said it promptly notified victim companies about these threats.
In particular, the firm confirmed it sent incident reports to 258 companies worldwide. Among the global trends observed, European companies were most frequently affected, accounting for over 25% of the notifications (66 reported incidents) that required immediate attention.
Noticeably, incidents involving fake, public or generic data were not considered reportable.
In total, the initiative’s results revealed that 42% of the companies lacked a dedicated point of contact for cyber incidents, 28% showed indifference and 2% denied the incidents altogether.
Kaspersky said such negligence can lead to penalties, financial losses and a loss of trust, particularly in Europe due to strict GDPR regulations.
However, 22% of companies reacted appropriately, acknowledging the information and addressing the risks, while 6% demonstrated proactive monitoring and detection, indicating prior awareness of the incidents.
Yuliya Novikova, head of Digital Footprint Intelligence, expressed concern over the companies’ responses.
“The findings from our initiative regarding companies’ reactions to data compromises on the darknet are rather discouraging. Only a third of the companies adequately responded to the situation, while the majority seemed to be engulfed in a whirlwind of emotions ranging from ignorance to denial and helplessness.”
Novikova also emphasized the importance of darknet monitoring as a valuable and accessible source of threat intelligence data.
“This resource enables immediate responses to security incidents such as offers to sell access to company systems or data leaks, ultimately helping to prevent data breaches,” Novikova concluded.
To protect organizations from similar threats, Kaspersky experts recommend keeping software updated on all devices and using the latest threat intelligence information, among other tactics.