Recently, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today's world, an enterprise organization's digital footprint can be vast and will continue to grow.
Take for example the average employee who receives an average of 90 emails per day and sends 40 of their own. What about the social media team and employees? Every minute, Twitter sees an average of 350,000 new tweets being published. And customers? More than 200,000 domains are registered every single day, and an average of 6,140 Android apps are published each day. That means a great deal of white noise is being produced at the same time potential risks are being shared, which could potentially impact business. According to Hudgins, most of this data is benign, but that in itself can pose issues as well.
To that end, he provided the following tips for better detection and collection of digital risks, which will minimize white noise and allow teams to focus only on priority issues:
Ensure Sufficient Threat Vector Coverage for Your Digital Footprint
Does your marketing team monitor social media? This is a common situation, but typically they are not trained to spot or even handle digital risks. Risks such as spoofing to doxing can impact a brands reputation. Organizations need a process in place to escalate these kinds of risks to a security team.
Balance Source Data Scale and Fidelity
Every security team has limits around how much data they can process and respond to. Teams simply need to be realistic in how much effort they can expend on data analysis.
Go on the Offensive with Proactive Detection
Digital risks can be passively monitored for, but to head them off it's necessary to be proactive. When a new phishing domain is launched or data is being sold on the dark web, finding them early on will better prepare a team for their potential impact.
Leverage Both People and Technology
People are flawed. Technology is flawed. Combined? You've got a powerful system that balances each other out. By developing an experienced team of security professionals and empowering them with the right tools, digital risks are more easily mitigated.
Constantly Monitor Threats for Changes in Tactics
In our upcoming Phishing Trends and Intelligence report we will highlight how threat actors are taking proactive measures to hide their footsteps. This is becoming more frequent, and because of these blocking techniques, it can be more challenging to detect and collect phishing threats. However, there are ways around these techniques, and building these into the collection process are now necessary.
The Least Visibility
Prior to the webinar, we wanted to get a better idea of what threats organizations are facing today. Though a promoted Twitter poll is anything but scientific, it did provide some interesting tid bits.
Phishing threats continue to be one of the largest forms of digital risks for enterprise organizations. It should come as no surprise that when we asked Twitter users what threats they had the least visibility into that phishing (34%) topped the list. However, coming in a close second is social media (30%), which has become a necessary component for most modern enterprises. Both mobile and domain name-related risks tied for the number three spot.
What digital risks do you have the least visibility into? #cybersecurity
— PhishLabs (@PhishLabs) February 19, 2019
The Biggest Digital Risks
In addition to asking organizations what they have the least visibility into, we wanted to know what the biggest social media-related risk is for their teams. According to the promoted Twitter poll, doxing is by and far the most prevalent concern.
Doxing is of course when someone or a group of people share private information (PII) about a person or organization with malicious intent. For enterprise organizations, this can be a particularly nasty situation for executives. In second, but at a significantly smaller share of the pie, people also said that employee use of social media was also a concern.
What types of digital risks are you most concerned about tied to social media? #CyberSecurity
— PhishLabs (@PhishLabs) February 21, 2019
If you are interested in learning more about digital risk protection at a high level, you can access the full on-demand webinar here.