Cybersecurity and stories of the Dark Web are issues that are part of our new normal and cybersecurity is one where we are happy to follow what the experts say. Reports of malware, phishing, even fleeceware gets our attention here at Disruptive.Asia and we tend to write about them.
Yet, it turns out that cybersecurity companies themselves have customer data floating about in the Dark Web, according to research by Immuniweb. A worrying 97% of the top security companies, in fact, have data leaks or security incidents reported on the Dark Web, with an average of 4,000 credentials or sensitive information, per company.
While this may trigger some outrage and anger at these so-called ‘experts’ we should still listen to them. They may come down in our estimation and we may rail at their slight ‘holier than thou’ attitude but they do more to support industries against the wave upon wave of attack than anyone else.
The Dark Web is, of course, intriguing in the same way that the locked cupboard in your Granny’s hallway was intriguing as a child. You wanted to see what’s inside but you were scared you might get into some real trouble.
Yet, the cybersecurity experts live in there, along with thousands of hollow-eyed people selling botnets, worms and who knows what manner of devilment.
The report from Immuniweb is worrying for another reason.
Even after all the education across the industry, the introduction of password vaults and the like, it turns out that employees from 162 of these companies reuse their passwords and most of those are weak, with less than eight letters, no numbers or special characters.
If that was not enough, nearly half of cybersecurity companies’ websites do not comply with GDPR requirements (mind you, the same can be said of EU websites). Many use outdated software and 91 companies had ‘exploitable’ website security vulnerabilities.
While vulnerabilities of cybersecurity have now been exposed on the Dark Web, we should not forget that the advice they give and the support they provide is what is keeping our heads above water, particularly during the pandemic.
It would nice, though, if they practised what they preached. Then we might forgive their aloof attitudes towards other industries.