Expanding digital footprints and the increased risk that comes with that expansion is one of the most challenging issues facing organisations today. While social media, the Internet-of-Things (IoT), greater access and interconnectivity across complex supply chains, and a variety of as-a-service business tools have transformed many aspects of business for the better, they have also dramatically expanded organisations’ digital footprints. And with a greater level of presence comes increased risk, giving malicious actors more connections to leverage as they worm their way into organisations’ networks, steal sensitive data, and disrupt business operations.
It can be difficult to track, understand, and prioritise all of the compounding threats tied to the expanding digital footprints of organisations. As Forrester Research noted in a recent research paper, "[S]ecurity and risk pros track a much smaller portion of their environment than they realise … and without comprehensively and persistently monitoring risk in digital channels, companies remain susceptible to a wide variety of brand, cyber, and physical risk events." (The Forrester Wave: Digital Risk Monitoring Q3 2016, Nick Hayes)
Digital risks move beyond traditional boundaries
The bottom line here is that an organisation’s digital “level of presence” is generally much greater than realised, and this presents new opportunities for attackers to exploit. Over the past few months SurfWatch Labs analysts have observed real-life security events including:
- Breaches at a single vendor being exploited to steal sensitive data from dozens of connected organisations
- Information stolen from one organisation being leveraged to gain legitimacy in social engineering campaigns against another organisation
- Consistent customer account compromises stemming from massive pools of previously compromised credentials and widespread password reuse
- Brand damage due to illegitimate social media accounts, phishing campaigns, and other scams leveraging well-known brands
Supply chains expanding your level of presence
Organisations have become either partially or completely blind to various aspects of their organisational risk due to their expanding digital footprints. Data has shown that this is particularly true when it comes to the spider web-like growth of supply chains and the constantly changing dark web marketplaces and cybercriminal forums where stolen goods are bought and sold. For example:
- Although an average company’s network is accessed by nearly 90 different vendors each week, only 35 per cent of IT decision makers surveyed in the Bomgar 2016 Vendor Vulnerability survey could state with confidence the actual number of vendors accessing their systems.
- Nearly half (49 per cent) of those surveyed for the Data Risk in the Third Party Ecosystem survey confirmed their organisations had experienced a data breach caused by third-party vendors, and 73 per cent did not believe that vendors’ vendors (e.g. service providers or subcontractors hired by third-party vendors) would even notify them in the event of a breach.
How to minimise your digital risk blind spots
The challenge for many organisations is finding a way to coalesce so many disparate threats into one place where they can be tracked, evaluated, prioritised, and mitigated. Here are three things you should consider to give you visibility and guide decision-making around your digital risk:
1. Collect Threat Data that is Comprehensive, Yet Personalised to Your Business
With so many potential attack vectors, the threat data collected must be wide reaching and cover a variety of areas where organisations have traditionally been in the dark. This includes things like marketplaces on the dark web, cybercriminal forums, paste sites, and social media platforms – in addition to sources such as phishing feeds, vulnerability and breach reports, security blogs, and other open web sources. Malicious activity on the dark web continues to impact organisations, and the first quarter of 2017 saw nearly 1,000 industry targets either being discussed on cybercriminal forums or having their data bought and sold on dark web markets, according to SurfWatch Labs’ data.
Collecting data from all these sources in an automated and structured way can provide the foundation for deriving valuable insights into the changing tactics, techniques, and procedures of malicious actors. However, all of that data is just additional noise if the information is not personalised and filtered through an organisation’s specific risk profile. By overlaying threat intelligence data with the unique risk profile of your organisation, you can illuminate risk areas that may have been overlooked and provide the insight necessary to ensure that resources are focused on the most relevant and impactful organisational risks.
2. Experienced Human Analysts are Needed to Provide Context and Best Practices
Automation is crucial and can help greatly in terms of collecting data and as an initial filter, but relying solely on automated systems can produce information that is lacking in context and perspective. Effective strategic and operational threat intelligence requires more than feeds and automated alerts. It needs to be balanced out by a team of human analysts that can go beyond the surface-level data and provide the context and insight necessary to evaluate new and evolving risks – and most importantly translate relevant threats into specific actions that can be implemented in order to mitigate those threats.
3. Know Your Digital Risk with Easy-to-Understand Visualisation and Reporting
Every product or service that your organisation delivers is dependent on technology in some way, shape, or form in order to be successful, which ultimately creates digital risk that impacts many areas of an organisation. Thus the tools and services used to shine a light on that digital risk must be flexible enough to meet the needs of a diverse group of stakeholders. Since organisational risk affects different roles in different ways, risk visualisation tools need to be able to adapt so that those various individuals can quickly see and evaluate the key risk elements that matter to them.
This can include C-suite executives, board members, and other business leaders who may have little concern over the technical details of cyber threats. Nevertheless, they need a way to quickly visualise the different risks facing their industry and identify which functions of the organisation, partners, and suppliers are being targeted.
More organisations are being impacted by data breaches and other cyber-related incidents than ever before, and those events have proven costly in terms of monetary loss, downtime, mitigation, customer notification, legal and regulatory fallout, long-term brand damage, and more. As the digital footprints of organisations expand, so too does their cyber risk. In addition to gaining visibility of your digital risk (a key first step), with finished cyber threat intelligence that incorporates all three components listed above, you receive useful details on a specific threat, how it’s exploiting your cyber risk to carry out an attack, the potential impact to your business, and recommended courses of action to mitigate the risk. Cyber threat intelligence that is relevant, practical, easy to understand, and ongoing can provide the guidance necessary for you to stay one step ahead of malicious actors and better manage your expanding digital risk footprint.
Adam Meyer, chief security strategist, SurfWatch Labs