Experts agree the vast majority of breaches are discovered through intercepted threat actor communication. Very often, the source is an Onion post (TOR), but malicious activity is rampant on the familiar “visible web” as well.
It is essentially a case of “reverse media monitoring”. Although most companies tend to think any publicity is good publicity - the disturbing reality is that hacker attention could potentially have catastrophic consequences to business operations. If your company is the topic of discussion on some parts of the dark web (specifically TOR networks) and even some sources on the familiar visible web - you could be facing severe risk.
The implications are clear when you factor in an average of a 226 day dwell time (breach to discovery) and an astonishing low rate of 19% self detection of security breaches.
Mentions of organizations (entities) on the dark web and other forums significantly increase the likelihood of discovering a breach.