Companies are worried about the dark web…but aren’t really doing much about it

Many Chief Information Security Officers (CISO) are worried about threats coming from the dark web, but aren’t doing much about it, a new report published by Searchlight Cyber has found.

The dark web intelligence company recently polled more than a thousand CISOs working in large enterprises, and found 93% were worried about dark web threats, and 72% believed intelligence on cybercriminals is “critical” in efforts to protect their organization’ endpoints and data from hackers. 

But other than collecting intelligence on these groups, their tools, networking, MOs, and similar – they aren’t really doing much about it. 

Worth the trouble

That being said, the researchers claim 71% of CISOs would love to see if their suppliers are being targeted on the dark web. In fact, just a third (32%) of those gathering intelligence from the dark web are using it to look for attacks on their supply chain. 

For Ben Jones, CEO and co-founder of Searchlight Cyber, businesses have a lot of work ahead, but it just might pay off: “What is significant is the clear pattern that emerges between gathering more threat intelligence and data from the dark web, and a better security posture,” he said. 

“For the UK enterprises that haven’t identified the opportunity of dark web intelligence the results make it crystal clear: gathering dark web intelligence will help them gain a better understanding of their adversaries and increase their chances of spotting an attack.”

Drilling deeper into the results, the researchers found that businesses in different industries respond differently to threats coming from the dark web. The majority of those in the finance industry (85%) already gather data from the dark web, while the healthcare industry lags behind with 57%. The oil and gas industry could also do better, as just two-thirds (66%) of CISOs saying they harvest data from the dark web.

As a result, CISOs aren’t as confident about stopping cyberattacks as they could be. Just 60% of healthcare CISOs and 74% of those in the oil and gas industry believe they understand the profile of their adversaries properly, which is way below the industry standard of 77%.

It is “an imperative for these organizations to begin monitoring the dark web, to spot the early warning signs of attack, and improve their security posture based on a better understanding of their adversaries,” concluded Jones.