Dark Web Intel Underutilized by CISOs, Diminishing Healthcare Cybersecurity

Only 57 percent of healthcare CISOs use dark web intelligence in their strategies, causing the sector to lag other industries and leaving healthcare cybersecurity vulnerable to threat actors, a new report revealed.

By Sarai Rodriguez

The healthcare sector struggles to keep pace in a rapidly changing healthcare cybersecurity landscape, as some CISOs neglect to leverage dark web intelligence, resulting in a weaker cyber posture compared to other industries. According to a Searchlight Cyber Report, only 57 percent of healthcare CISOs have incorporated dark web intelligence into their strategies.

The dark web serves as a hub for cybercriminal activities, offering marketplaces for buying and selling malware, exploits, and stolen data, researchers explained. It also serves as a forum where threat actors share techniques and discuss tactics. Additionally, cybercriminals use the dark web to create ransomware leak sites where they threaten to publish stolen data unless a ransom is paid.

Collecting threat intelligence, pre-attack intelligence, and data from the dark web can significantly improve the cybersecurity posture of many organizations. This approach, known as the "pre-attack phase," enables companies to identify and counter cybersecurity threats before they hit their network.

A survey conducted between November 18, 2022, and January 16, 2023, titled "Proactive Defense: How Enterprises Are Using Dark Web Intelligence," gathered responses from 1,008 CISOs from large enterprises with revenue exceeding $200 million and more than 2,000 employees.

Primarily, the findings revealed that utilization of dark web intelligence was common but not equal among all industries.

While the finance industry leads in adopting dark web intelligence, with 85 percent of organizations gathering dark web intelligence, the healthcare industry is falling behind. According to survey findings, healthcare CISOs are 20 percentage points behind other sectors in collecting data from the dark web, which is negatively impacting their cybersecurity posture.

Across the United States, most CISOs feel confident in understanding their adversary profiles. Specifically, 85 percent of US CISOs expressed this confidence, while 80 percent of US enterprises have reported gathering threat intelligence.

While researchers find this high level of dark web data understanding and adoption promising, notable sector disparities remain. The healthcare sector has shown a lower level of confidence in understanding the profiles of potential adversaries.

Researchers noticed that compared to the industry average of 77 percent, only 60 percent of healthcare CISOs are confident in understanding their adversaries' profiles. A lack of understanding about data intelligence can hinder their ability to identify and neutralize legitimate threats before they infiltrate the network.

In contrast, industries like manufacturing, financial services, and professional services report stronger security postures. These sectors demonstrate more confidence in recognizing and addressing potential threats due to greater usage of threat intelligence and dark web monitoring.

Furthermore, 50 percent of healthcare CISOs believe that dark web criminal activity affects their company, compared to the 64 percent average. The survey also revealed that just 53 percent of healthcare CISOs believe intelligence on cybercriminals is crucial for proper defense, further highlighting the knowledge gap in the industry.

“It is likely that health and energy organizations may not have historically considered themselves the primary target for financially motivated cyberattacks emanating from the dark web,” Ben Jones, CEO and co-founder of Searchlight Cyber, said in a press release.

“However, the cybersecurity landscape has changed dramatically over the past few years, and threat actors are no longer just focusing on asset-rich organizations like banks and insurance companies. As recent incidents have shown us, they are increasingly targeting enterprises in industries such as healthcare, oil and gas, and manufacturing to leverage the critical nature of these companies and extort ransoms.”

In light of this shift, the healthcare industry has found itself increasingly targeted by ransomware attacks, as evidenced by a relentless stream of headlines.

Cybercriminals such as Clop are employing a double extortion model to maximize their impact. Threat actors encrypt and exfiltrate sensitive information. Sensitive data are then released on their dark web leak site if payment is not made.

Week after week, millions of dollars in ransoms and protected health information (PHI) are stolen from secure servers and resurface on the dark web. This unfortunate pattern highlights the grim fate of many exfiltrated patient data records, underscoring the urgent need for the healthcare industry to address its security vulnerabilities and knowledge gaps.