Tracking Everything on the Dark Web Is Mission Critical

N Cryptech – Kelly Springer
The key takeaway is that discovering data on the dark web should trigger an investigation, not a knee-jerk reaction.
Proper data tagging, secrets management and monitoring from the start enable an informed, precise response when leaks occur.
Here are the key points on properly handling discovery of sensitive data or secrets on the dark web:
1) Don't assume a data leak automatically means your systems were breached.
The data could have been exfiltrated from other sources such as cloud storage, employee devices or partners.
2) Simply finding data on the dark web is not enough to determine an appropriate response.
You need details on where, when and how the theft occurred.
3) When sensitive data such as PII or trade secrets is found, investigate thoroughly: how much data is involved, whether it could be from other companies, which internal system or team it came from, etc.
4) When secrets such as API keys are found, check whether they have already expired or been rotated.
The response depends on whether they are still active and valuable.
5) Maintaining a controlled inventory with meticulous tracking of all secrets from creation is crucial to monitor credential activity in real-time.
6) Tagging all sensitive data with metadata from the start allows tracing its history and determining breach details later.
7) Without proper context added from the beginning, forensic investigation becomes extremely difficult after a leak is discovered.
8) Bombarding the dark web with fake data can add noise and deter attackers from your real data.
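
Points 4 to 6 as an added example (not code from the original article or from N Cryptech): a secret found on the dark web is matched by fingerprint against a secrets inventory and triaged as active, rotated, expired or unknown. The inventory layout, field names and sample keys are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def fingerprint(secret: str) -> str:
    # Inventory keys are SHA-256 digests, so raw secrets are never stored in it.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass
class SecretRecord:
    owner: str                    # accountable team (tag added at creation)
    system: str                   # system the secret grants access to
    created: datetime
    expires: Optional[datetime]   # None = no expiry configured
    rotated: Optional[datetime]   # set when the secret was replaced


# Constructed sample inventory; every value here is made up for the example.
INVENTORY = {
    fingerprint("EXAMPLE-KEY-ROTATED"): SecretRecord("payments", "billing-api", utc(2023, 1, 10), None, utc(2023, 6, 1)),
    fingerprint("EXAMPLE-KEY-EXPIRED"): SecretRecord("data-eng", "etl-bucket", utc(2022, 3, 1), utc(2023, 3, 1), None),
    fingerprint("EXAMPLE-KEY-ACTIVE"): SecretRecord("platform", "ci-runner", utc(2024, 2, 1), utc(2026, 2, 1), None),
}


def triage(found_secret: str, now: datetime, inventory=INVENTORY) -> dict:
    rec = inventory.get(fingerprint(found_secret))
    if rec is None:
        # Not ours, or never inventoried: the find alone does not prove a breach.
        return {"status": "unknown", "action": "investigate origin"}
    if rec.rotated is not None and rec.rotated <= now:
        status, valid_until = "rotated", rec.rotated
    elif rec.expires is not None and rec.expires <= now:
        status, valid_until = "expired", rec.expires
    else:
        status, valid_until = "active", None
    action = "revoke and rotate, review usage logs" if status == "active" else "trace leak within exposure window"
    return {"status": status, "owner": rec.owner, "system": rec.system,
            # The theft happened while the secret existed: created .. valid_until.
            "exposure_window": (rec.created, valid_until), "action": action}
```

The `exposure_window` and `owner` fields are what the creation-time tagging buys you: they bound when the theft could have happened and who has to investigate it.
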
Link: https://n-cryptech.com/tracking-everything-on-the-dark-web-is-mission-critical

