In what it claims to be the first index of the darknet, OWL Cybersecurity has compiled a massive database of TOR sites and crawled it for mentions of Fortune 500 companies. Shockingly enough, there isn’t one Fortune 500 company exempt from exposure.

The darknet (also referred to as the dark web or deep web) is the section of the internet that isn’t indexed, is unsearchable, and has to be dug around in to find what you’re looking for. It has become a haven for those who don’t want to attract attention, including journalists, political dissidents, and–of course–cybercriminals.

When data, both individual and organizational, is stolen it often ends up on the darknet in massive dumps that are ripe for the cybercriminal picking. OWL Cybersecurity’s report, which makes use of their searchable, continually growing database of the darknet, ranks Fortune 500 companies by their darknet footprint.

Fortune 500 tech professionals had better keep reading.

What the numbers mean

Each company on the list is assigned a darknet index score that corresponds directly to the size of the footprint a company has on the darknet along with its attractiveness to an attacker. The algorithm that OWL uses is proprietary and takes several factors into account, such as the kind of data available, how old it is, and where the data was found.

SEE: Security awareness and training policy (Tech Pro Research)

There is a silver lining in the anxiety your darknet footprint raises: All the information provided by OWL is actionable, so you can take steps to mitigate risks it clues you in on.

The top 10 most darknet-exposed Fortune 500 companies

If you don’t see your Fortune 500 company listed here that’s a good thing. Don’t get too complacent, though: They’re all on the list, which you can find in the full report (registration is required).

  1. Amazon
  2. Google
  3. Apple
  4. Facebook
  5. eBay
  6. American Express
  7. Frontier Communications
  8. Netflix
  9. Texas Instruments
  10. FedEx

Interestingly enough, though perhaps not surprising, is that the top five companies are all considered to be in the technology sector for the purpose of their Fortune 500 rank.

SEE: Dark Web: The smart person’s guide (TechRepublic)

The amount of data Amazon, Google, Apple, Facebook, and eBay have on their customers is staggering, and that affects their darknet footprint rank. The data available for those companies may not be greater in volume, but what’s available is incredibly enticing because of all the personally identifying information it contains.

How to minimize your darknet footprint

The sheer volume of data on the darknet means you may not ever know what’s really out there. OWL Security can get you that information for a price, but you don’t have to buy an expensive monitoring tool to improve your enterprise security.

  • Implement the National Institute for Standards and Technology’s Cybersecurity Framework. It’s a comprehensive system for getting any organization, from the Fortune 500 down to a one-person operation, into a preventative security mindset.
  • Create a strong BYOD policy and stick to it–no one is allowed to circumvent the rules, even C-level executives.
  • Change passwords regularly–every three months at the minimum. Enforce strong password rules or require users to use a password manager.
  • Implement two-factor authentication. These days, that isn’t a recommendation–it’s a requirement on the modern internet. Be sure all of your systems require two-factor signin so even if data is leaked it can’t be used to gain access.
  • Be vigilant. Keep records and logs so that you can recognize anything out of the ordinary.

To see a list of the top 25 companies listed in the report check out the accompanying gallery.

The three big takeaways for TechRepublic readers:

  1. A new report from OWL Security found that all of the Fortune 500 companies had potentially compromising data available on the darknet.
  2. The top five companies are all in the tech sector because they’re very attractive targets. User accounts contain a treasure trove of personal information cybercriminals want.
  3. Don’t wait until it’s too late to find out your company has been compromised. Put proactive security measures in place now to prevent a disaster.

Also see: