As a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.
The results are fascinating.
Of 200 domains recently scanned:
- 87.4% had at least one potential identity compromised
- The average number of potentially compromised identities is 41%
- 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources
What does this mean?
Just because email@example.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.
It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.
How does it work?
Chances are, your employees are using their work email address, firstname.lastname@example.org, as their login identity for other systems. These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.
If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems. If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.
A compromised identity on a third party service can easily lead to a breach of your systems.
What to do:
- Get the Details:
Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
- Mitigate Your Risk:
Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.
- Request a detailed Dark Web Scan
- Discuss security education and testing services
- Setup on-going monitoring for your domain