SecurityWeek

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Vince Lombardi, one of the greatest coaches of all time, said, “The achievements of an organization are the results of the combined effort of each individual.” Think about the most successful coaches and you’ll see a common thread – the ability to bring players and staff together and use their talents effectively and intelligently to defeat opponents. Phil Jackson accomplished this with different NBA franchises and Joe Gibbs with different quarterbacks. They didn’t count on any one “star” to carry the team. Nor did they focus their efforts on defending against one big threat. They led their teams to victory by looking at the big picture and understanding how to strategically apply capabilities to defeat whatever the opposition pulled out of their bag of tricks.

Wouldn’t it make sense to follow a similar approach to defeat adversaries and mitigate digital risk, the risk associated with expanding our digital footprint as we increase business activities on the internet and via cloud solutions? But, typically, we don’t.

Just as great coaches know they’re up against an entire team that can vary their plays and draw on different skills with the sole aim of defeating them, the risks as you digitally transform your business come from all kinds of adversaries and places beyond the boundary. Individually, you don’t just have a dark web problem, or an open source problem or a social media problem. You have a problem with ALL external digital risks and threat actors seeking to do your business harm. 

Digital risks include cyber threats, data exposure, brand exposure, third-party risk, VIP exposure, physical threats and infrastructure exposure. Often these threats and risks span data sources and cannot be detected in full context by any point solution or even by multiple solutions used in isolation. You need insight across the widest range of data sources possible to mitigate digital risk and better protect your organization. Here are three examples.  

1. We all know organizations struggle to keep up with patching, and this challenge isn’t expected to go away any time soon. Gartner predicts that through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year. Addressing every vulnerability as soon as a patch is issued isn’t possible for most IT teams. But determining which vulnerabilities to patch first can be problematic. By monitoring open, deep and dark web forums as well as social media you can learn which vulnerabilities are being discussed as popular vectors for attack. These sources can also reveal which exploit kits are using specific vulnerabilities and even if those exploit kits are being used to target your industry. Armed with this information, you can make more informed decisions about which systems and applications to patch first and more effectively and efficiently mitigate risk. 

2. Ideologically motivated, hacktivists are far from quiet. They typically use social media to promote their cause and garner attention and often announce their targets on Facebook or Twitter. They also use Internet Relay Chat (IRC) to orchestrate attacks in real time. An uptick in hashtags and traffic on social media and open source IRC channels is a leading indicator of whether a cause is gaining traction. Mentions of your company, key executives or IP addresses will help you determine if you’re being targeted so you can proactively boost security controls.

3. A more complex example, but one that has been in the spotlight recently, is database extortion. In this scenario, attackers look for publicly exposed databases, for example on Amazon S3 buckets. From there, they may be able to find information allowing them to remotely connect to a server or desktop to infiltrate your organization further. Or, as in the case of the MongoDB extortion pandemic, they can replace data with a ransom request for bitcoin payment in exchange for restoration of the database. Should the ransom request go unheeded, attackers may then apply pressure on the CEO by posting a message to Pastebin or via social media. In this scenario there are several points of compromise and several ways to gain a deeper understanding of the attack. To learn the entire sequence of events, the impact to your organization and how to mitigate digital risk in the future you need more than visibility into S3 buckets. You need access to hacked remote server and remote desktop protocol (RDP) sites to look for mentions of your IP addresses. Access to Pastebin and monitoring social media channels will allow you to check for mentions of your company and/or executives. The dark web can provide information on threat actor profiles to understand their motivation and gauge credibility.

In each of these three examples, tracking just one source, or even all sources but in isolation, would not give you the full context for any one of these threats. Like a coach, you need to be able to see the big picture with an approach that monitors the entire Internet for risks to your business. Only then can you take the right actions to keep your business and reputation intact and mitigate digital risk in the future.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
