Exposure of Sensitive Data on the Dark Web
In response to ongoing, countless damaging data breaches in the financial industry, the New York State Department of Financial Services (DFS) implemented the Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) last year. Requiring all covered entities to adopt a comprehensive cybersecurity program and stricter policies, the new set of laws challenge corporate cybersecurity programs to expand policy frameworks, mitigate exposure of sensitive data, and tighten disclosure requirements.
Unlike previous regulations which focus strictly on a perimeter-specific policy framework or guidance as to necessary defensive measures, 23 NYCRR 500 presents a framework that includes proactive monitoring of sensitive data on the dark web.
There are three areas which have immediate relevance to monitoring the dark web for sensitive data exposure.
- 500.04(b) Report from the Chief Information Security Officer
- Section 500.05 Penetration Testing and Vulnerability Assessments
- Section 500.09 Risk Assessment
Matchlight by Terbium Labs is the industry leader for detecting compromised account data on the dark web. We help organizations with data breach detection by not only assessing their exposure and delivering ongoing risk reports in an automated fashion, but also providing human power to analyze the sensitivity of risks and provide contextual information about an organization's data exposure on the dark web. Our managed service extends an organization's visibility outside of its perimeter while providing continuous external monitoring for incidents that put data at risk.