Digital Risk Management – what you can do on a network you cannot control


I’m sure you’ve heard many digital security presentations stating that the traditional network “perimeter” model is outdated and doesn’t work in a world of a distributed workforce (working from home, frequent travel, contractors). As organizations become more connected to their supply chain, customers and partners, the assets that security teams used to try to protect are becoming “externalized.” If we want to manage these new digital risks, we need to start looking beyond traditional boundaries… Sounds like another candidate for truism of the year, doesn’t it?

We’ll try to make it a little clearer…

Digital risk management refers to processes to improve assessment and monitoring, which can include cyber risk, third-party risk, operational risk and many other types of risk (yes, yes – it’s hard to generalize). These risks can affect an organization’s financial performance, operations or reputation. And, since this is a definition that can compete with our favorite “digital transformation” in its scope – we’ll elaborate a bit…

In order to safely realize the benefits of digital transformation, organizations need to consider three primary areas:

Detecting data loss

Hypothetically – our sensitive data has been exposed on the Internet – and we’re talking about both the World Wide Web and the darknet… Board meeting minutes were inadvertently leaked, developers exposed sensitive code, or someone stole project data and put it up for sale, to give a few examples… It’s an invitation to attack the company or damage its reputation. Companies that value competitiveness have, in addition to prevention mechanisms such as DLP, ways to investigate whether data has already leaked and is available somewhere on the Internet.

Online brand safety

Everyone today uses social media and other online platforms to connect with potential customers. The younger your customer group, the more you look at social.

Cybercriminals are impersonating brands by registering fake domains, social media accounts and mobile apps. If successful, phishing attempts targeting customers can affect the brand’s revenue, loyalty and trust. It can hurt… especially since these fake accounts buy followers, have interests and do everything to be “legit.”

Reducing the attack surface

With the growth of IT infrastructure, remote working, adoption of supply chain management… it’s getting harder and harder to get enough attack surface visibility. Adversaries take advantage of this by exploiting public applications or creating fake sites to gain access credentials. Security teams need to monitor for exploited infrastructure vulnerabilities, weak or expiring certificates, open ports, misconfigured file-sharing protocols… but also for infrastructure that impersonates their company’s own.

Fortunately – or out of sheer pragmatism – the cybersecurity industry is developing a whole new branch to address these problems. Here are three steps you can take to help manage your digital risks.

Step 1 – Critical business assets

If you’re working with us, you’ve probably already identified them – nevertheless: an organization must first identify what sensitive data it has and how it can be used by threat actors or adversaries.

Of course, there is a so-called “gray area” everywhere – for example, some companies may not consider social media accounts to be sensitive resources, yet we see these accounts targeted in attacks. Tip – for starters, look at the regulations you are subject to.

Step 2 – Monitor for unwanted exposures

To detect exposed resources, organizations should consider a wide range of sources and prioritize those that are most relevant to them on the web, deep web and dark-net:

  • Git repositories
  • Poorly configured online file-sharing services
  • Paste sites
  • Social media
  • File-sharing services
  • Criminal forums (dark-net)
  • Dark-net sites

If you are interested in a list of free tools to help you monitor digital risk and exposure – ask us. However, the amount of information is so great that companies outsource research and presentation of findings to companies that specialize in this.

Step 3 – Take action

Tactical:

  • Reduce the attack surface – look at your technical infrastructure through “attacker’s eyes”. Teams should withdraw and deprecate services wherever possible so that there is less to attack.
  • Remove offensive content from sites – There are many ways to remove offensive content from the Internet. Requests for removal need to be verified, but in our own experience, it is possible to remove much of the offensive content through social networking sites, ISP abuse notification processes, and legal notices that offer tools for such removal.
  • Network blocking activities – For sites with phishing attempts, policies should be developed to block the domain, IP address or offensive content using existing proxies, firewalls or perimeter controls. Organizations that are fortunate enough to have a ticketing system or, better yet, security orchestration and automation should take common use cases for commonly observed behavior and implement blocking actions.

Operational:

  • Implement a monitoring strategy – start with domain monitoring and add more capabilities by use case over time. This ongoing scope will help build confidence in digital risk management.
  • Integrate with Incident Response Processes – Identify the threats to be monitored, implement a detection strategy, investigate, contain the threats, fix any issues and review.
  • Integration into security operations – Security operations teams need to consider context when reviewing external digital risk incidents. SecOps should have a view of the entire attack surface to understand all points of online exposure.
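
The domain monitoring suggested above as a starting point can begin as a small script. The following is an added example, not code from the original article: it scores a feed of newly observed domain names against a brand label, and the brand `example`, the owned domain `example.com`, the feed contents and the confusable-character table are all constructed assumptions.

```python
import unicodedata

# Look-alike substitutions folded before comparison (assumed starter set, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})  # Cyrillic a, e, o

def normalize(label):
    """Decode punycode, strip accents, fold confusable characters, drop hyphens."""
    if label.startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    decomposed = unicodedata.normalize("NFKD", label.lower())
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(CONFUSABLES).replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand, owned):
    """Return a category for a suspicious domain, or None if owned or unrelated."""
    domain = domain.lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in owned):
        return None
    target = normalize(brand)
    for label in domain.split(".")[:-1]:  # every label except the TLD
        folded = normalize(label)
        if folded == target:
            return "exact-label" if label == brand.lower() else "homoglyph"
        if edit_distance(folded, target) == 1:
            return "typo"
        if target in folded:
            return "combo"
    return None

def scan(observed, brand, owned):
    """Map each flagged domain to its category."""
    hits = {d: classify(d, brand, owned) for d in observed}
    return {d: c for d, c in hits.items() if c}

# Constructed sample feed; "example" and example.com stand in for a real brand.
SAMPLE_FEED = ["example.com", "shop.example.com", "examp1e.com", "exmple.net",
               "example-login.org", "example.net", "ex\u00e1mple.com", "unrelated.io"]
```

Calling `scan(SAMPLE_FEED, "example", {"example.com"})` returns only the five names that need triage, each tagged with the reason it was flagged, which is the shape a ticketing or blocking workflow can consume.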

Strategic:

  • Update risk and threat models – The deeper the understanding of inputs, the more accurate the model. Make sure your risk assessments take into account critical digital assets, including those associated with third-party and supply chains.
  • Measure, manage and report on digital risk – The greater the visibility of digital risk, the better you can measure exposure and incident severity levels. We recommend integrating with incident management processes to improve capabilities.

Building a digital risk management strategy takes time and company-wide effort; it is no easy feat. Professionals need to incorporate detection, integration and remediation to help build the maturity of their processes. Importantly, the attack surface is no longer confined to the infrastructure you control. It also includes intellectual assets such as your brand, exposed on third-party infrastructure (mainly social media but also e-commerce). Security teams need to build digital risk capabilities internally, but with the understanding that remediation may require contacting third parties to make changes to their infrastructure (e.g., fake profiles on LinkedIn).

We suspect that DRM-type tools will become increasingly important in the next few years – especially in sectors that rely heavily on brand presence online and social media (gaming, luxury or environmentally related brands).
