KUALA LUMPUR: Globally, 2,566 organisations' data were leaked on the dark web, an 85 per cent increase since the previous year, with posted organisations' names and proof of compromise, said cybersecurity expert Palo Alto Networks.

The United States company said the situation is similar in Malaysia where organisations' data leaks are increasing alarmingly.

Palo Alto Networks principal Vicky Ray said data leakage has become a recurring issue, both globally and in Malaysia, caused by phishing, malware and ransomware attacks, or even unintentional sharing of sensitive data by users.

"Regardless of the cause, organisations need to step up their game to implement a data loss prevention system to plug vulnerabilities in their infrastructure," he said in a statement today.

Palo Alto Networks 2022 Unit 42 Ransomware Threat Report revealed that in 2021, cybercriminals increasingly turned to the dark web "leak sites" to post leaked data, in addition to demanding ransom from their victims.

In Malaysia, a local news portal recently reported that a group of hackers, code-named "grey hat", broke into civil servants' ePenyata Gaji (ePaySlip) system and extracted nearly two million payslips and tax forms in PDF format amounting to 188.75 gigabytes.

Palo Alto Networks recommends some measures that companies should implement to minimise the possibilities of data breaches, such as conducting phishing prevention and recurring employee security training; centralise security management efforts such as threat detection and security alerts.

Companies should also control user activities with the least privilege given such as limited access to specific applications and data within a given timeframe; implement multi-factor authentication besides email for the verification of third-party applications.

It also suggested that companies could implement a "zero trust" approach -- "never trust, always verify" -- to eliminate implicit trust and validate users' activities continuously at every stage of digital interaction.

"Organisations must develop an effective security strategy to uphold the integrity of their data while it is at rest, in use, and in motion.

"By upgrading defences consistently to keep up with the evolving threats, IT teams can stay ahead of the attack curve and minimise the risks associated with such attacks," said Ray.

-- BERNAMA