The darknet and deep web are vast sources of structured, semi-structured and unstructured data that requires advanced architecture to collect, process, analyze, and distribute meaningful and targeted datasets to clients and users across diverse industry verticals. This includes FinTech, InsureTech, Identity Protection and Threat Intelligence providers. DarkOwl employs a modified model of “Big Data” often depicted by the “V’s” of Big Data.
A global cyberwar emerged in the wake of the Russian invasion of Ukraine in February of 2022, with targets spanning from private government agencies to large commercial enterprises. DarkOwl analysts have identified critical leaks across major key sectors, including those amongst cyber hacktivists and threat actors themselves.
Cyber insurance is an increasingly popular topic of conversation across the information security community, as the frequency of attacks against organizations has steadily increased in recent years. The probability of a successful attack, resulting in the unauthorized access of an organization’s data, applications, services, network infrastructure or devices, or worse – the theft or loss of proprietary or sensitive data – is exponentially increasing in the post-pandemic world where work-from-home and hybrid work/home office environments have been normalized challenging an organization’s cyber-defense posture.
According to Accenture, 66% of small businesses have experienced a cyberattack, with the average cost of a malware attack on a company (regardless of size) hitting $2.6 million, signaling that cyber insurance policies are now essential for an organization to prevent significant financial business impact or even bankruptcy.
Coalition’s 2022 Cyber Claims Report confirmed the attack trends with their data indicating that small businesses are consistently targeted more frequently than medium and large organizations. They also report that claims increased in severity by 54% in 2021, with the average cost approaching $360,000 USD for companies with revenues more than $100M.
Cyber liability insurance is a form of insurance available for individuals and businesses to purchase to help reduce the negative financial impacts and risks of conducting day-to-day activities on the Internet. Cyber insurance is rooted in errors and omissions (E&O) insurance which generally protects against a company’s faults and defects in their products and services.
Any organization or business that operates predominantly on the Internet, collects or retains customer data such as personally identifiable information (PII) or protected health information (PHI), interfaces with the payment card industry, or stores sensitive proprietary data and digital intellectual property on a company network connected to the Internet should consider purchasing a cyber liability insurance policy.
In the event of a cyberattack, the theory of E&O coverage kicks in to support a sole proprietor or business who cannot fulfill their contractual obligations with their network and systems offline. Similarly, the coverage can help cover costs to litigate claims resulting in the failure of service performance or product delivery due to the cyber security incident.
Cyber liability insurance covers most of the financial costs associated with a cybersecurity incident and data breach. This could include:
Some cyberattacks include cyber espionage that doesn’t result in an overt cybersecurity incident and IT network failure. Does your cyber liability insurance policy cover your employees’ personal information showing up in the underground without the knowledge of your IT department?
The US Federal Trade Commission (FTC) advises that policy holders should check to make sure their insurance covers:
Policies covering cyber incidents are generally written as either first- or third-party coverage or both. First-party coverage protects the infrastructure and data owned by the policy holder’s organization. This coverage includes data related to an organization’s employees and customers. Third-party coverage is a form of liability coverage associated with the consequences of the exposure of an organization’s customer and vendor data.
Often when a cyberattack occurs it is the sensitive customer data or employee PII that is most valuable to the threat actor where the database is quickly commoditized in the darknet and traded or sold in underground data marketplaces and forums.
Unfortunately, many organizations under protect themselves getting first-party coverage only, when third-party is more comprehensive by orders of magnitude and applicable to the modern cybersecurity use case. Furthermore, traditional E&O policies do not cover the loss of third-party data.
While cyber liability insurance is offered by most major insurance carriers, we quickly realized that those shopping for cyber liability policies can easily get confused by the different roles and responsibilities of the various insurance players. During our research on the cyber insurance industry, we encountered several different stakeholders that could have vested interest in the cybersecurity risks associated with potential insurance claims.
Insurance Carriers – also referred to as the insurance provider, an insurance company, or agency – is the financial security behind the coverage provided in an insurance policy in the event of a cybersecurity incident. The insurance carrier issues the policy, charges the premiums to the policy holder, and covers payments from claims against the policy.
Insurance carriers issuing cyber liability insurance policies must remain hyper-vigilant on the evolving security risks facing their policy holders. They will establish pre-policy issuance security risk assessment protocols, evaluation criteria, and periodic auditing of their policy holders. In the US, insurance carriers are often described as “admitted” and non-admitted insurance providers which differentiates in whether they are ‘backed by the state’ financially and in compliance with regulations outlined by the policy holder’s state Department of Insurance.
Insurance Broker is an agent who sells or purchases insurance policies on behalf of another. An insurance broker specializes in the nuances and complexities of the insurance industry and knowledgeable of security risk management to advise on the type and amount of coverage required for a cyber liability insurance policy. They serve as a “consultant” and insurance representative to the insured policy holder.
Underwriters include persons assigned and qualified to initially assess, evaluate, and assume the security risk of another party for a fee or percentage commission from the policy value. The underwriter may work directly for the insurance carrier or independently contract to the insurance issuing organization as a freelance underwriter. The most commonly relatable example is health insurance underwriters who closely evaluate an applicant’s risk posture via detailed questions of the potential policy holder’s age, health conditions, and family medical history.
In cybersecurity, an underwriter has the responsibility to perform comprehensive risk assessments of cyber liability insurance policy applications for potential security risks that are increasingly complex and challenging to predict based on traditional risk modeling methodologies.
As claims increase in value the application process for new policies is increasingly rigorous with insurance carriers requiring underwriters gather supplementary ransomware-based questionnaires and proof of business continuity plans and security incident response plans from insurance applicants.
Third-Party Administrator often called TPAs, are professional, state-licensed organizations that support the insurance carrier in administrative services related to insurance. They most often are responsible for handling claims on behalf of the carrier including the evaluation of the legitimacy of the claim, processing the claim, making financial determinations, and reporting to regulation authorities. While TPAs are historically involved in the health insurance industry, there is a growing group of cybersecurity-specific TPAs that exclusively focus on managing cyber and privacy breach claims.
Reinsurers refer to the reinsurance companies, or more simply, the insurance providers for the insurance companies. According to the Corporate Financial Institute, a primary insurer – the insurance carrier – transfers policies, or insurance liabilities – to a reinsurer through a process called cession, or “ceding”. On average, insurance carriers cede an estimated 50% of the policy premiums they collect to the reinsurance market. Reinsurers’ revenue is directly tied to the quality of the risk assessments performed for policy holders on the front end and the amount of financial capital available, either from the reinsurer or third-party capital sources.
Data, information, and subsequent cyber intelligence derived from sources in the darknet, deep web, and criminal chat communities can help cyber insurance underwriters, insurance carriers, and reinsurers develop more robust and highly predictive security risk models. Higher fidelity risk models help price premiums to minimize claims payments benefiting the insurance carriers and their reinsurers accordingly.
The types of data from the darknet that might be utilized in security risk models can be as simple as the volume of policy holder’s organizational employee email addresses exposed on the darknet to more complex models which account for brand and reputational risks, mentions of executive leadership, network infrastructure like domain names and IP addresses, and exposed proprietary organizational data stolen through a pre-existing breach cyberattack.
Pre-policy evaluations can include darknet exposure data to assess the level of compromise of the applicant organization and determine whether prior breaches exist to the applicant policy holder – which is often excluded in cyber liability insurance policies. Pre-existing breach data for the pending policy holder’s vendors and supply chain can also drive security risk modeling and the potential risk must be financially compensated for.
Reinsurers also should independently monitor for darknet exposure and mentions of the insurance carriers they cover as well as their high-valued policy holders. Ransomware threat actors have actively targeted insurance carriers and exploit their policy holder information to leverage for subsequent attacks and drive negotiations with their extortion victims using their policy information as leverage for higher extortion payments.
In 2021, Avaddon compromised a division of the global insurance carrier, Axa Group in Malaysia and reportedly exfiltrated over 3TB of claims data and medical records of their policy holders.
Most recently, the reincarnated “Happy Blog” restarted by REvil after Russia invaded Ukraine, targeted a family-focused insurance broker in Ohio giving the threat actors direct access to sensitive PII of their clients for subsequent fraud or digital identity theft.
Victim data can emerge on the ransomware shame sites exclusively hosted on Tor in the darknet or data marketplaces, like Industrial Spy. One of the “free” offers on Industrial Spy includes a prominent Third-Party Administrator in India, MDINDIA. The proofs include a significant volume of claims carried out by the organization.
There is an increasingly complex interrelationship between data from the darknet and the organizations involved in issuing cyber liability insurance policies and managing claims. Darknet data can help drive better risk decisions in issuing policies and persistent monitoring for on-going security risks to insurance carriers, brokers, and their policy holders. The cyber liability insurance market is evolving as result of threat actors on the darknet and increased attacks resulting in significant financial claims.
Next: stay tuned for our upcoming content that will take a closer look at some things that are excluded from cyber insurance policies.
Many ransomware attacks are comprised of key stages that, when viewed on a larger scale, form a picture that represents a cyclical ransomware ecosystem that feeds various industries in the darknet. DarkOwl analysts outline ransomware attack key stages.
Of the numerous quantitative models that attempt to define and quantify the cybersecurity risk to organizations, very few consider risk indicators from the deep and dark web. Using ransomware as a case study, this presentation reviewed the content that exists on these hidden networks, and explored how data from the dark web can serve as an important data point for more comprehensive risk models. Further, Ramesh Elaiyavalli, CTO of DarkOwl, discussed the unique challenges and considerations that must be made when examining dark web data.
For those that would rather read the presentation, we have transcribed it below.
NOTE: Some content has been edited for length and clarity.
Kathy: Thank you, everybody, for joining us today for our webinar: Deep and Dark Web Data and Its Impact on Modeling Cybersecurity Risk. My name is Kathy, and I will be the host for today…And now I’d like to turn it over to our speaker today, Ramesh Elaiyavalli, our Chief Technology Officer here at DarkOwl, to introduce himself and to begin.
Ramesh: Alright! Thank you, Kathy. Appreciate the intro. Hi. Hello. My name is Ramesh. I go by Ramesh Elaiyavalli. I’m the Chief Technology Officer and am responsible for product and technology groups to set the strategic technical vision of DarkOwl, as well as kind of the day to day workings and implementation of our platform, our processes and our people.
So with that, today’s webinar, as Kathy mentioned, is to go over at a high level: what is the darknet and the deep web and how risk modeling is relevant to the current web dates. I will talk a little bit about ransomware as a darknet data multiplier. We’ll also review the security risk frameworks, and some of the stakeholders that need to be engaged as you look at risk modeling and the application of darknet and deep web as it relates to modeling and any future quantification efforts of darknet data.
We believe that the deep web and the darknet data have a significant impact in any type of cybersecurity risk modeling.
If you look at the dark web in general, think of it as an iceberg where the tip of the iceberg is the surface web, that we all know and use every day. It was originated back in the nineties. It was basically browser based and we all know that a ton of content which is publicly available is available via the surface web, and there are many content or many types of content ranging from discussion boards to pay sites and so on.
The deep web is anything that is not indexed like Google, simply put, and that is typically behind some type of the authentication of the websites that you require authentication or any type of human intervention. So this is where things like IRCs, telegrams, criminal forums, marketplaces, they all reside in the deep web. And that kind of emerged in the mid-nineties.
[This takes us] all the way to darknet, which was founded as part of the Tor Project in 2006. So this is the intentional anonymizing of networks accessible only by a proxy or a specific peer to peer protocol. So the best example is Tor or called the Onion. And then we have I2p, ZeroNet, Freenet, Oxen, Yggdrasil, so the list goes on and on with a ton of such networks and protocols that only exist in the darknet. And they have become kind of a very important infrastructure for advanced threat intelligence and long defined risk.
When we talk about darknet data, the data is both diverse as well as dispersed all over the internet, The surface web as well as the dark web. So when you look at the diversity of data, data is available as email addresses or email breaches with passwords, which is really the authentication data. There is domain data, subdomains, the IP addresses that are tokens that are common vulnerabilities, exploits and so on. There are source code available. There is content and text available about a company, which is the chatter across the threat actors. There is critical corporate data, contract and financial information, intellectual property, executive insights, as well as employee activity, phone numbers, PII data, banking data and so on and so forth.
So, as you could see, the data is very diverse. Also, the data is spread and dispersed across various sites that could be transient in nature, there are darknet data places, there are forums that criminals use for discussions, there are image boards or chans, there are blogs on ransomware, there are marketplaces where data is being sold in classifieds, and last but not least, is Telegram and some of the IRC chatrooms.
Given the diversity and the dispersion of data, we also know that the data is really valuable when the data is at scale. And scale matters more so now than ever before. Why is this? Number one, there is a rapid digitization in our society overall. Everything that is paper and tribal knowledge is becoming a digital asset.
And, with COVID-19, the pandemic has changed the fundamental way in which we work. A lot of the hybrid and work from home exposes organizations to networks that are only as good as the weakest link. So, there is quite a lot of attacks surface that has been exposed with the work from home networks and the garden variety wifi protocols that are out there.
The third one is [that] the Ukrainian-Russian conflict has significantly shifted the threat landscape. If you think the Ukraine Russia war is far off from you, think again, because a ton of supply chain risk exists today from vendors that you work with and you partner with. And they are directly impacted because of the war or because of the supply chain issues.
And, number four, there is an unprecedented number of never before seen malware and critical zero-day issues in the wild. There is a significant increase in ransomware, ransomware attacks and all of this kind of has fundamentally changed the landscape in which we look at darknet. So it is taken in from a corner of the Internet to now center stage. So the dark web usage has really jumped over 80% in the last three years. 2 million active users, if not more in the Tor browser and the ransomware cost, just the sheer cost is over 20 billion in 2021.
Now, ransomware-as-a-service is a term [increasingly] in vogue. And the threat actors have become very sophisticated in not only attacking and penetrating your organization, but they have the maturity to go after these ransomware-as-a-service providers to make the transaction more professional. You can transact on the internet, on the darknet, and the deep web, where you leverage these initial acts as brokers and third parties wherever they are possible. And the consultants would help in the victim negotiations as well as target the qualification, meaning they would know how big your company is, how much can you pay, and what’s your propensity [to do so]? How badly do you want to be covering your exposures here? So based on that, they offer a service which is the ransomware-as-a-service, and these are paid insider threat partners that criminals and threat actors work with.
[Lastly], with the Ukraine conflict, like I mentioned, there’s a fluctuation between Ukraine conflict and the various international law enforcement operations. We’ve heard about Conti and Cooming and Stormous data which are available immediately after the invasion. The Happy Blog, for example, returned despite the arrests by the FSB. LockBit, AlphV, Snatch – they all have increased activity. Victim data leaks continue at a very high volume CONTI pretty much disbanded and dispersed into not just one group, but various splinter groups. And such threat actors are directly contacting our stakeholders for pressuring the victims.
The bottom line is this ransomware as a darknet ecosystem is extremely well-structured. It is operationally very efficient. And the biggest fear is they are running this at scale with ransomware as a service. So this kind of changes the entire threat posture of a lot of companies out there.
And, if you were to be a victim of a ransomware attack… from a customer standpoint, you are completely shut off from your access points. There are messages that prevent you from getting in unless you’re willing to talk to and pay the ransomware and the threat actors.
Now, [let’s talk about] ransomware as a threat signal and overall as a dataflow lifecycle. You start with a pre-cyber incident, and then there is an initial access where that campaign has been launched. There are then incident responses and negotiations as part of the public announcement over to the post cyber incident management and then the whole attack cycle restarts. So, that’s kind of a quick [overview of the] lifecycle of the entire ransomware threat signal and data flow.
And, 46% of the ransomware victims, unfortunately, have not been compromised once, but multiple times. Over 90% of the data leaks we observed in the last year were attributed in some way or the other to these ransomware actors.
Now in talking about ransomware, here’s another great example that we tell our customers about: Volvo.
As we all know, Volvo is a very large auto manufacturer. But interestingly, their ransomware attacks did not come from their own compromises, but it came from their supply chain. It started with November 2021, where snatch one of the Chinese Volvo corporations that had a breach. And then it went on to Denso and then it went on to the Volvo Corp update will work to back defense over to StrongCo and so on.
So, various subsidiaries of Volvo, such as the Mack, the Mack defense, the Mack trucks and so on, were exposed as part of this attack. And these impacts we are observing pretty much up and down the entire supply chain. And there are multiple, not just one threat actor, but there are multiple threat actors that are finding ways, finding vectors, finding threat surfaces to expose and bring down some of the largest companies that are out there, either directly or as part of their supply chain and their vendor relationships.
Now, when you look at the darknet and you look at security risks overall, we talked a little bit about ransomware, but there are other type of threats that you should be worried about. We all know about the phishing attacks and the malspam campaigns, the cyberattacks, all the way from the overt or covert malware, DNS hijacking, data exfiltration, cyber espionage, denial of service attacks, insider threats, and basically any type of information based reputation attacks. So the types of threats have multiple dimensions, and ransomware has kind of bubbled up to the top. However, there are other threats that you need to equally pay attention.
And, what are the consequences of these threats? It is data corruption, it is operational downtime, a huge and a tremendous amount of financial and revenue loss, regulatory issues and fines, damage to your virtual or physical infrastructure issues with your shareholders and society as a whole, and the loss of customer confidence and a significant dent in your brand reputation. The consequences of ignoring these threats are significant and threats continue to evolve and [be a] cost concern for various organizations.
Having said that, how do you do threat modeling is not [the exact same as] how you look at risk modeling. Threat modeling is a subset of what you have to think from an overall risk modeling standpoint. Now, are there standards? [What are] the best practices for risk modeling? The good news is that there are some, but the bad news is there are plenty of them. There is no one single overarching standard for risk modeling. So, depending on your use case, depending on your company, your business, your operations, and your exposure to various security and methodologies, you can adopt one or more of these frameworks for your risk modeling.
The stakeholders for such risk modeling would pretty much be everybody in the organization and beyond. It starts with your SOC, your incident response teams, executives, data protection officers, the governance folks, CISOs, IT leadership.
If you are in Insurtech space, it very much applies if you are a broker, you’re an engineer, you’re an underwriter, you’re a reinsurer. All aspects of insurance underwriting and cyber security assessments need to be worried about risk modeling. It also applies to investors, private equity, and venture capital firms who are looking to fund that startups or to do mergers and acquisitions type activity. So all of those decision makers need to be aware of this, including policy makers, security agencies, military decision makers and so on and so forth.
When it comes to risk modeling stakeholders, it is everybody who has some form of decision making capability and they are doing an assessment, they are underwriting the risk in a way. So the NIST really defines the cyber risk assessments as the ones that are used to identify and estimate and prioritize risk across your organization, your operations, your assets and the people that you have within the organization.
One of the things that we are interested in talking about, [and] is a question we get a lot, is how do you quantify risks? At DarkOwl, we spend a lot of time thinking about it, and we have come up with ways, strategies, and products and score models that would help us objectify and quantify risk at scale. It’s not an absolute risk metric, but we see a very strong correlation and influencers for their risk calculations and your business decisions based on the exposure of data about you and the company that you represent as it relates to the darknet. So we call these “entities” which are basically email credentials, it could be domain names, it could be IP addresses, the set of entities that are easy to take, tokenized, and quantified.
Like I mentioned, this model is not basically the threat modeling aspect, but much more. And, you know, you need to give a lot of considerations for all the external and influential factors, which is the who and the where and the when as it relates to getting your data exposed.
So here’s an example of Microsoft whose overall risk profile, or we call it the darknet score, their score has been trending upwards (pictured below). A lower score is better. So, when your score is going up, that is not a good thing. So it could be either as a result of the amount of leaks that they have or the documents that are being exposed, how much hackishness is in those documents. So risk quantification with scores is a very important way to measure and assess risk.
The next one I want to briefly touch on is an experimental basis. We have Scores 2.0 that we are actively building. We are very excited about these scores to point out where we have used our own data, which is data from our entities, from our e-mail breaches, credentials and so on, and we believe it has predicted 73% of the breaches overall and 100% of all the four ransomware cases that we analyzed in the past. So here’s an example of a company such as Okta, which is the largest security authentication company out there. And interestingly, their exposure on the darknet was partly due to their leaks and some of their breaches. But more importantly, their biggest supply chain vendor is Sitel, which is a call center company which had access to Okta data. And when Sitel got compromised, that bubbled up to Okta. So we we always advise our clients to say, look carefully with your company within your data set, but also make sure that you are monitoring your supply chain vendors. So this is a perfect example.
How do we see the future of quantifying darknet data? It is very important that a very critical time is right now where we need to see a dialog among multiple organizations on what are the best methods and the best practices for quantifying darknet data and how do you do the risk modeling. We would love to see folks getting rid of questionnaires and checklists and, you know, making decisions based on data that is available in the open net or OSINT data.
We advocate for education on darknet and darknet data and how important it is for overall cybersecurity. There is a clear need we see in establishing a common language and a common set of mathematical models, be it the darknet score, or it could be something else. But, we want to see more such quantified risk models that are available in the industry.
There is a need for better understanding on the relationships between not just the threat actors, but between the personal and corporate risks that every companies go through. And [as we showed earlier] – you got to take a closer look at the type of data that is being leaked by some of the ransomware groups and the threat actors. Some of it is because they may want money, but a lot of it is also, they’re trying to build reputation by leaking data.
[We advise that] you take a close look at what data types are being leaked and what the cohorts and the verticals in the industry are talking about. Also, the key question here is this: how do you measure the goodness or the effectiveness of your current cybersecurity risk model? Ask that question often, ask that question early, and ask that question constantly. Which is, is your risk model effective enough and is it good enough?
With that, if you want to know more about DarkOwl, please talk to us. Get in touch with us at [email protected]. Or you can follow us on various social media and you can also check out, check us on our blog or on our website. And if there are any other questions, I’m happy to address them. That’s the end of the presentation.
Kathy: Thank you, Ramesh. We have had a couple of questions come in. So let’s see if we can get to some of them. The first one we have is” Why do I need DarkOwl? Most of the darknet can be accessed by individuals.
Ramesh: It’s a it’s a great question. Darknet data can be accessed by any individual or any company for that matter, but I would not recommend doing this at home. The reason being that you’re dealing with data that is extremely sensitive in nature and you are potentially interfacing with criminals and threat actors and it is a very dangerous place. So there is very likely challenges that you would run into is you may get attacked yourself when you expose yourself and your network, if you tried to do it without much expertise.
At DarkOwl, we take great lengths to make sure that our access to the darknet and our ways of ethically gathering data is serving you as a customer so that you can access data through our platform and the safety and security that comes with our platform, as opposed to interfacing directly with the threat actors and the criminals. So I would always recommend go through a provider and sort of avoiding direct.
Kathy: Great. Thank you. Another question that came in is: I want to access your data. What is the best way for me to do so?
Ramesh: Okay. The best way to access our data. The short answer is it depends. If the use case is you are a cyber security analyst or you’re looking for a very specific thing. You want to search on the dark web on a limited basis. The best bet would be to leverage our Vision platform. The next step is if you’re a developer and let’s say you want to build an API because you have a platform already built out, or you’re thinking of building a platform or you’re in cybersecurity and insurance business and you want to leverage darknet data for those type of use cases. We would recommend to our API. And by the way, our API, we offer a Search API, we offer Entity API for lookups on email credentials or crypto and so on. We also offer source via API and we offer entities and searches also via API.
So, there’s a variety of APIs that you can leverage, assuming that you want to be building code and develop and integrate dark data into your platform. And then all the way, if you’re a data science person, you are looking at large amounts of data and big data, right? And you have a data science team that is available. We would do what we call DataFeeds, which is snapshots in time that you can have either our entire dataset or filter based on criteria that you provide as well as we can do these historic data dumps and we can take snapshots in time and send it over in a in a secure transmission over to you and your data science team. So it really depends on the use case. The bottom line is you can leverage our Vision UI, platform or you can leverage our API platform or you can consume our big data, be our data feeds.
Kathy: Great. Thank you so much…Ramesh, thank you so much for this insightful presentation to our attendees. If you’re interested in learning more about how darknet data applies to your use case, please feel free to request time with us using the link in the chat. We look forward to seeing you at another one of our webinars in the future. Thank you.
Ramesh: Thank you.
OnRamp Insurance is a yearly conference that brings leaders in the insurance, tech, and insuretech space together to accelerate innovation across the insurance industry. This year’s conference was held in Minneapolis at the Allianz Stadium, which was an incredible venue. The event was well represented by various insurers – ranging from large corporations to startups to investors and industry experts.
As a first time attendee, I was pleased with the turnout and quality of lasting connections made. Since one of the primary aims of the event is to provide a platform for integrations and partnerships showcasing various technology and data providers, I was invited to speak on the panel “Cybersecurity within Insurance.” I was so pleased to be able to attend and represent DarkOwl, introducing why the darknet data is an essential part to any sort of risk modeling in the cyber insurance or underwriting space.
The insurance industry is going through a tremendous shift. Insurers are subject to increased risk, given a variety of geo-political factors. COVID-19 has exposed an increased attack surface for many companies, due to employees working remotely and exposing sensitive corporate data on unsecured home networks.
In addition to this we have seen a tremendous growth in cyberattacks, data breaches and ransomware compromises. The Ukraine conflict has significantly increased supply chain risk to various markets and insurance space is especially at the receiving end to this heightened risk. All these factors lead to a perfect storm.
It was a great to see that cybersecurity is starting to become a repeated theme amongst the insurance industry. I was glad to represent DarkOwl and participated in the panel: “Cybersecurity within Insurance,” alongside representatives from Trust Stamp and Paladin Cyber.
In our discussion, I defined DarkOwl’s approach to risk modeling and loss mitigation specifically for Insurtech. Every entity in the value chain of the insurance space is being disrupted – from brokers to underwriters to carriers – all the way to reinsurers. Each of these is finding ways to apply technology and data sciences to mitigate risk and improve outcomes. Automated underwriting and straight-through processing is taking center stage as companies innovate in the insurtech space.
Insurance carriers, underwriters and reinsurers are forced to find new ways to write policies, factoring in such risks and update policy-writers. There is a clear and present need to get rid of the check list-based underwriting to an automated and risk-based underwriting. We see a need for darknet data and a quantitative and risk-based underwriting at scale for insurers to thrive in this new world order. Similarly to how the FICO score transformed the mortgage industry to underwrite loans, the insurtech space needs a comprehensive risk score to underwrite. And, such a risk score needs to assess darknet exposure to measure risk at scale – not just as a snapshot in time score but a score that is constantly and continuously updated based on the dynamic nature of exposure and threat actors.
Risk profiles for organizations have changed significantly. Assessing and modeling risk in 2022 is very different compared to 2019. Be aware of the changes in threat and attack surfaces.
Underwriting screams for automation. There is a clear need for automation, straight through processing and machine learning.
Specialty insurance space is evolving. Nontraditional insurance such as Medical Malpractice, Travel Insurance, embedded (eCommerce) insurance are in high demand.
Darknet data can contribute to risk modeling and assessment at every phase. This data is unique, differentiating, and external insight for various insurers to improve outcomes and mitigate risk.
OnRamp and gener8tor have seen significant growth. Attendees and interest for this insurance-focused event continue to rise. In person events provide the opportunity for significant connections and partnerships.
Overall, DarkOwl received very positive feedback on its business model, products, and platforms. Adding to the conversation around insurance and cybersecurity, led to an increased awareness of our roll as a leader in the darknet data market, as well as our position as thought leaders in the information security space.
DarkOwl’s robust darknet data enabled our customer, Blackpanda, to fully understand their customers’ risk profiles and assess threats after they experienced a breach.
The darknet (or “dark web”) is a thriving ecosystem within the global internet infrastructure that many organizations struggle to incorporate into security posture, but is becoming an increasingly vital component. In certain cases, that is because taking raw data and turning it into actionable security intelligence requires leveraging DARKINT – or data points sourced from the darknet and other OSINT sources that together form a risk and/or investigative portfolio.
In honor of World Password Day, our analysts have compiled some interesting statistics based on the email and password entities available in the DarkOwl Entity API.
The darknet is fundamentally changing the landscape on who, where and how cyber crimes are perpetrated. This infographic outlines stats around just how much the darknet is growing.
