Why you need a dark web expert on your security team

Publishing data online has become a common modus operandi for cyber criminals—but will Aussie organisations even notice when it happens?

spider dark web bug virus poisonous threat weave pattern by steve norris getty
Steve Norris / Getty

Australian CSOs must be prepared to infiltrate dark web sites to get an early bead on potential compromises of their corporate information, a security specialist has warned as a string of Australian brands manage the ramifications of having sensitive data published online.

Financial-services provider MyBudget and sportswear brand In Sport recently joined logistics giant Toll Groupin having corporate data published on the dark web by cyber criminals intent on squeezing a ransom out of the companies. Reports suggested that up to 200GB of Toll Group data alone had made its way to dark web forums, where cyber criminals congregate to sell and exchange the spoils of their hacks.

Volumes of enquiries have increased steadily in recent months, said Arni Hardarson, head of assurance at security consultancy Pure Security, as cyber criminals take advantage of the remote-working vulnerabilities created by the COVID-19 pandemic.

Appropriately managing the fallout of a data breach, therefore, now requires information-security managers to be able to evaluate the company’s exposure in online forums.

Toll Group did just this when it launched an investigation into its dark web exposure that saw it “focused on assessing and verifying the specific nature of the stolen data that has been published”.

To continue reading this article register now

Subscribe today! Get the best in cybersecurity, delivered to your inbox.