Every Fortune 500 company has some level of exposure on the dark web, with technology and telecommunications firms ranking at the top of the list, according to a report published by Denver-base OWL Cybersecurity at the end of May, 2017.
The dark web, unlike the surface web — the internet most people know of and use every day — can’t be indexed using traditional search engines, such as Google or Bing. The cybersecurity company has built a database updated with “10 to 15 million pages per day, from more than 24,000 domains on the Tor network alone, as well as other darknet networks.” With the darknet content indexed and searchable in 47 different languages, OWL claims their dark web database is the “most comprehensive one of its kind in the world.”
In the study, the OWL picked each and every company from the 2017 Fortune 500 list and assessed them with an overall darknet footprint. OWL uses a specific algorithm for the purpose, rating postings on the dark web based on their potential for criminal use.
“To compile our Darknet Index, we ran each member of the 2017 Fortune 500 through the OWL Vision database. We focused on specific darknets for matches on each company’s website and email domains and then further adjusted the results based on computations of ‘hackishness,’” the report reads.
When valuable information is either stolen or hacked, the data is often offered for sale on the dark web, OWL stated. On dark web marketplaces and forums, criminals exchange illegal products and data — mostly sourced from hacks and breaches — for cryptocurrencies, such as bitcoin. Therefore, the cybersecurity company measured the exposure of the Fortune 500 firms by analyzing their presence on the darknet.
According to the researchers, in some instances, “private data for sale may have come from a breach at a Fortune 500 company, but it may not be identified as such.” OWL explained, for example, that multiple instances of credit card information up for sale on the dark web can come from various sources, including banks or retailers; however, information on the source of the compromised data is not always available or provided.
OWL ranked the Fortune 500 companies by their Darknet Index score — calculated by the cybersecurity firm’s algorithm — and also included the firms’ rankings on the Fortune 500 lists. Ranked by DARKINT (darknet intelligence), technology companies lead the list, with Amazon holding the top spot, but with telecommunications firms right alongside it.
The cybersecurity firm pointed out some key takeaways from their analysis. The researchers emphasized that all Fortune 500 companies have a presence on the dark web since “every single company in the Fortune 500 had a positive Darknet Index score.” OWL explained Amazon’s top ranking with the fact that the firm has a “massive internet presence and possesses a significant amount of customer data.”
The researchers were surprised by the comparatively positive rankings of financial firms, which are frequent targets of cybercriminals. OWL indicated that the financial industry’s significant investment in cybersecurity measures in recent years was the reason for the success. Other sectors in which the firms invested “heavily” in cybersecurity also had lower Darknet Index ratings, the researchers added.
OWL expects that by publishing such statistics in their report, they can help companies improve their cybersecurity. The cybersecurity firm enables companies with compromised data to monitor the stolen or hacked information on the dark web.
“Today, in an age where data loss is virtually inevitable, it is critical to look at the darknet as a key part of a complete cybersecurity program, enabling organizations to swiftly detect security gaps and mitigate damage prior to the misuse of data.”