Hacks and data breaches have become an all too familiar feature of business life. Yet working out companies' exposure footprint to hackers is still very much a work in progress. One recent effort to shed more light on this issue involves a deep dive into the “darknet” of private networks, forums, and channels that enable the anonymous hosting and exchange of large volumes of stolen data. Owl Cybersecurity has built a proprietary database of darknet content, updated with between 10M and 15M pages a day from services such as the Tor network.
The company assessed every firm in the Fortune 500 and assigned it an overall darknet footprint in terms of data exposure, using additional intelligence as well as information from its database. Owl then applied an algorithmic rating system to assess the likelihood that the data could be used for nefarious intent. Among other things, the algorithm gives a greater weighting to multiple breaches over time at a company that have exposed data to the darknet rather than a single large breach. It also gives greater weight to data from more recent incidents.
The chart above shows the top ten companies in Owl’s Cybersecurity "Darknet Index". Each company’s rank isn’t a “risk of breach” score, but rather an indication of exposure on the darknet while taking into account the effectiveness of their cyber defenses. The index scale is logarithmic, meaning each additional point reflects almost triple the exposure profile of the one below it.
A few things stand out. Tech firms led by Amazon dominate the list, which is a reflection of their billions of users, large ecosystems of applications, and mass of customer data make them attractive targets. Banks and healthcare companies are also top targets for hackers, but strict regulatory regimes and media scrutiny mean they have less darknet exposure—though there have certainly been plenty of high profile breaches involving companies from both industries. The only financial services company in the top ten is American Express and there is one telco, Frontier Communications.
Owl says it intends to develop deeper industry dives in future to see how companies rank within their sectors. More information about its research effort can be found here.