The need for Dark Web Monitoring in 2024 goes beyond regulatory cybersecurity compliance 

This blog was provided by our partners at Packetlabs.

Richard Rogerson

Founder and CEO

Packetlabs

Summary: According to recent studies, Canadian organizations are seeing a 7.7% increase in Dark Web-related cyberattacks. In dollar terms, this results in the average cyberattack costing Canadian companies over 7 million per breach.

In 2024, proactive cybersecurity goes beyond regulatory compliance. Although over 133,927 executive credentials are known to be circulating on the Dark Web–resulting in significant reputational damages, potential corporate espionage, loss of critical data, and significant financial losses–the increasing additional impact on individual lives cannot be ignored.

A prime example of this is in the healthcare industry, where breaches don’t just impact reputation and finances–they also directly affect individuals’ well-being. In January, nonprofit patient safety organization ECRI released its 17th annual report of its top 10 health technology hazards for 2024; these included the remote hacking of home medical devices, the wide-scale encryption of patient data by threat actors that is then sold on the Dark Web, and third-party web analytics software that can compromise patient confidentiality (and product usage.) Just earlier this month, the HHS Health Sector Cybersecurity Coordination Center (HC3) published a sector alert regarding two recently disclosed critical cybersecurity vulnerabilities in Baxter blood pressure monitoring products that could result in credential exposure and product failure if exploited.

This human element is what powers Packetlabs. Alongside being 95% manual–versus cybersecurity firms that outsource or automate their work–Packetlabs purposefully seeks out engagements that go beyond regulatory compliance.

One such engagement was with the SickKids Foundation, a fundraising organization based in Toronto that supports the Hospital with sick children. With over 1.5 million active donors, the foundation collects and manages sensitive information, which could result in reputational damage and loss of donors if breached.

“We are always being asked what our security posture is like. Penetration testing is one of the best ways for us to understand from both the inside and outside exactly how vulnerable we could be in a real-world scenario, which is why we value it so highly,” says Derek Sutton, Director for Infrastructure of Enterprise Architecture at the foundation.

The average cyberattack lifecycle across North America is an estimated 24 days–not accounting for the 197 days taken to identify a breach, and 69 to contain it. Steps that can be taken to help mitigate cyber threats include, but are not limited to:

Putting the passion back into proactivity is one of Packetlabs’s main drivers for 2024 and beyond. When it comes to being the target of a cyberattack, it’s not a matter of “if”–it’s a matter of “when.” And in the fight against threat actors, offensive security is power