The Digital Risk Dilemma: How to Protect What You Don’t Control
July 16th, 2019
Digital transformation has completely revolutionized how your business operates in today’s climate. Organizations are increasingly scalable, agile, and diversified. But an increasingly digitized world has its drawbacks: Your attack surface is expanding on web infrastructure outside your perimeter every day. Beyond traditional IT-operated digital properties, your organization likely has shadow IT, mobile usage, social media, IoT devices and applications, third-party vendors, and third parties’ own third-party vendors (or fourth parties). How can you possibly expect to protect your network from ever-evolving threats to your dispersed digital assets?
From large-scale botnets to account takeovers, brand impersonations, and weaponization of social, mobile, and web channels, security and risk pros are constantly inundated with new digital risks. Rapid proliferation of digital channels generates a massive, chaotic digital footprint, a burgeoning digital attack surface, and diminished control to protect critical digital assets and channels.
Digital Risk Grows as Digital Footprints Expand
Digitized business is intensifying risk faster – and more severely – than companies realize. As digital footprints expand, organizations suffer increasingly severe cyber risk events that disrupt business and strain customer relationships. What does this look like in practice? Well, for starters, it means a whole lot more to worry about.
IntSights found a 278 percent increase in retail goods for sale on black markets last October, a 297 percent increase in retail phishing websites, a 171 percent increase in compromised employee credentials, and a 212 percent increase in stolen credit cards for sale on the dark web this past April. If that seems alarming, that’s because it is. Businesses have never been more connected to their consumers, but they’ve effectively paved new roads for cybercriminals by giving them an expanding list of attack vectors.
One of the biggest problems is that security and risk teams underestimate their own digital risk exposure. The Pentagon is more worried about social media threats than email phishing, but this is seldom the case for enterprise security teams. In many cases, security leaders neglect their external digital brand presence and critical digital assets, concentrating instead on more traditional security functions like network, data, and device security.
As your attack surface – and, correspondingly, your digital risk – grows, the potential damage to your organization in terms of both finances and reputation grows in lockstep. Customers lose trust, blame brands, and avoid future interactions. The potential business fallout is clear: Lost customer trust, or even raised customer suspicion, can cut company revenues significantly.
Adopting Continuous Digital Risk Protection in Three Steps
By now, security leaders should be aware of Digital Risk Protection. However, what sounds like a simple solution can actually be a bit tricky to implement. That’s why I’ve laid out the three-step process for continuous digital risk protection below.
First, you must map your digital footprint. This means charting all your digital assets, whether you’ve authorized them or not – and chances are you haven’t authorized many of them. It’s important to determine the degree of control you have over each digital artifact, and classify each one as sanctioned, rogue, or malicious.
Some common assets to keep an eye on include corporate or IT assets like domains, IPs, technologies used, login pages, and executive/VIP data; customer-facing and e-commerce assets like brand names, social media activities, customer login pages, and mobile apps; sensitive data such as login credentials, secret projects, and data loss prevention indicators; and industry-specific assets that will vary based on your field. Financial services organizations, for example, might include BINs and account numbers. Pharmaceutical firms might keep an eye on patented drug names, while retailers might include the names of brands or loyalty programs.
After you’ve mapped your digital footprint to the best of your ability, you have to monitor and verify cyber threat activity that may be targeting your organization. Key things to look for will be domain/IP spoofing, account takeovers, unauthorized activity or modifications, chatter about your organization, credential leaks involving employees or others associated with the organization, and brand impersonation attempts.
There are a wide variety of sources to monitor across the clear, deep, and dark web. On the clear web, you should watch mobile app stores, domain registrars, and paste sites. Deep web sources include chat groups, invite-only forums, and closed social media groups or pages. The dark web is significantly more challenging to keep an eye on, but many of the more severe threats against your organization will originate on dark web black markets, hacking forums, and credit card shops.
Once you’ve identified and validated a threat – or, more likely, threats – against your organization, you must move quickly to mitigate it. You can do this by remediating specific events, requesting takedowns by domain registrars and other hosting sources, updating blacklists and firewalls, issuing cease and desist orders, and coordinating with law enforcement to ensure your brand is not being compromised. It’s important to assume you have already lost, rather than waiting for it to happen, and to have response teams and plans in place so that any successful attacks are swiftly dealt with.
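The mapping and monitoring steps above can be illustrated with a triage of observed domains into the sanctioned, rogue, and malicious classes. This is an added example, not IntSights code: the `.test` domains, registrant names, the extra "unrelated" bucket, and the classification rules (inventory match, registrant match, look-alike within two edits) are all assumptions made for illustration.

```python
# Added example; every domain, registrant and rule here is a constructed assumption.
SANCTIONED = {"example-corp.test", "shop.example-corp.test"}  # known inventory
OWN_REGISTRANTS = {"Example Corp"}   # registrant names that mean "ours"
BRAND_LABELS = {"example-corp"}      # labels to watch for impersonation
HOMOGLYPHS = str.maketrans("0135", "oles")  # tiny confusables table

def normalise(label):
    """Fold common look-alike characters so 'examp1e' compares as 'example'."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def resembles_brand(domain):
    """True if any label contains a brand label or is within two edits of it."""
    labels = [normalise(part) for part in domain.split(".")]
    brands = [normalise(brand) for brand in BRAND_LABELS]
    return any(b in n or edit_distance(n, b) <= 2 for n in labels for b in brands)

def classify(domain, registrant):
    domain = domain.lower().rstrip(".")
    if domain in SANCTIONED:
        return "sanctioned"
    if registrant in OWN_REGISTRANTS:
        return "rogue"      # ours but never inventoried, e.g. shadow IT
    if resembles_brand(domain):
        return "malicious"  # candidate impersonation: verify, then request takedown
    return "unrelated"

# Constructed observations: (domain, registrant as reported by WHOIS/RDAP).
OBSERVED = [
    ("shop.example-corp.test", "Example Corp"),
    ("promo-example-corp.test", "Example Corp"),
    ("examp1e-c0rp.test", "REDACTED FOR PRIVACY"),
    ("exarnple-corp-login.test", None),
    ("weather.test", None),
]

def triage(observed=OBSERVED):
    return {domain: classify(domain, reg) for domain, reg in observed}

if __name__ == "__main__":
    for domain, verdict in triage().items():
        print(f"{verdict:10} {domain}")
```

A "malicious" verdict here is only a candidate for the verification step; a look-alike registered by a partner or reseller would need to be added to the inventory instead.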
Security leaders have to adapt to ever-evolving and rapidly orchestrated cyber threats, or they risk exposing their entire organizations to financial and reputational damage. Digital risk protection is a key piece of the puzzle when it comes to thwarting cyberattacks, and you must be prepared to tackle any and all challenges that come with it.
To learn more about extending your vision beyond the wire to identify emerging cyber threats before they develop into full-scale attacks against your organization, read our ebook, Dark Web 201: How to Leverage External Threat Hunting to Prevent Cyberattacks.
Nick Hayes is Vice President of Strategy at IntSights, where he oversees the company’s go-to-market (GTM), strategic initiatives, and corporate positioning and messaging. He also leads the technical and strategic alliance partner program, and represents IntSights and its threat intelligence product suite as a frequent speaker at major industry events worldwide. Prior to joining IntSights, Nick was a senior analyst at Forrester Research where he advised Fortune 500 and growth companies on cybersecurity strategy, technology selection, and market trends and best practices. He is regularly cited by industry and business media, including CNBC, DarkReading, Financial Times, SC Magazine, The Wall Street Journal, and VentureBeat.