The Value of Dark Web Coverage for Third-Party Risk Management

October 9, 2019 • The Recorded Future Team

Everyone knows that a key ingredient to an effective third-party risk program is comprehensive, high-quality risk information. This includes details on supply chain risk, financial risk, legal risk, cyber risk, and more. With growing third-party ecosystems, it’s easier said than done for risk management teams to collect, organize, and prioritize their own risk information along with that of their partners. One of the solutions to these challenges can come from a surprising source — the dark web.

Third-party risk data collection just can’t be done manually anymore. Risk teams need to put processes in place to collect and analyze risk information — especially cyber risk — so they can focus their time on remediating their third-party threats. One way that risk teams can speed up third-party risk data collection is through vendor questionnaires, but that only provides an internal view of the third party’s risk.

External cyber risk information from the dark web provides a more unbiased view of an organization’s risk posture. However, that information may not be as easy to analyze and respond to. So why should risk teams spend their limited time trying to gather and understand information from external sources, especially from the dark web?

The Dark Web Piece of the Puzzle

Let’s start with what the dark web really is.

The dark web is a subset of the World Wide Web. It’s only accessible via special software that allows users and website operators to remain anonymous or untraceable. Websites on the dark web operate in their own unique environment, separated from surface sites such as Amazon, eBay, or the Wall Street Journal. On the dark web, there are markets for corporate data, including intellectual property or customer information in dark web communities. This kind of information is also sometimes made available by insiders looking to profit from their access to valuable data.

When you consider that 87% of organizations have experienced a disruptive incident with third parties in the last two to three years, and that the average enterprise shares confidential and sensitive information with 583 third parties, you can begin to understand how valuable this information can be to cybercriminals. The dark web provides unique insights into an organization’s security posture. When the information is high quality — like Recorded Future’s dark web coverage — it can be easily included in a proactive third-party program.

Instant Access to the Full Picture

Without a complete view of a partner’s threat landscape, it’s impossible to make an accurate cyber risk assessment. That’s why Recorded Future enables risk teams to gain the most comprehensive view of each third party’s security posture. Our unique combination of automated data collection and human analysis generates high-quality risk intelligence that seamlessly integrates into third-party risk processes and GRC solutions.

Recorded Future collects risk information from technical, open web, and dark web sources in every language, and we add hundreds of new sources every week. This includes more than 1,500 hacker, criminal, and extremist forums — some of which are from the dark web and are invitation-only. The information we collect is automatically analyzed through machine learning and natural language processing to create a simple, quantifiable risk score from zero to 100, representing a company’s risk and security posture. When this data is matched with our Insikt Group’s research and cyberattack reporting capabilities, risk teams have access to actionable, trusted, threat-centric risk information for more complete third-party risk management.

Learn More

Want to know your company’s risk level? Request your complimentary risk report today.