Four Steps to Begin Better Managing Your Digital Risk

Four Steps Organizations Can Take to Begin Managing Their Digital Risk

The emergence of Cyber Threat Intelligence (CTI) has given organizations valuable insight into a myriad of attacker behaviors. Armed with CTI, companies can focus on their adversaries’ tactics and techniques, and use this information to inform their defense strategy to reduce digital risk. But for these strategies to be truly effective, they must include an approach to both estimating and managing organizational risk: the assets that need to be protected, the weaknesses present in internet-facing systems, and the opportunities threat actors may exploit.

By monitoring for exposure and assessing the threat, organizations can develop a better idea of what to protect. Here are four steps organizations can take to begin managing their digital risk.

Step 1: Identify Key Assets to Protect 

The first step is to take stock of the critical assets you wish to protect and how this data could appeal to adversaries. Start with people (e.g. customers, employees, partners, service providers), organizations (e.g. service departments, common infrastructure), and the systems and critical applications that support them (e.g. websites, portals, databases, payment processing systems, Enterprise Resource Planning (ERP) applications).

Consider how these assets relate to the organization’s vital business and economic functions, those that may generate profit, provide competitive advantage, or on which intangible properties such as trust, reputation and goodwill rely. The exposure of intellectual property – product designs, proprietary code, and patent information – often impacts competitive advantage. Exposed customer data may result in violations of compliance and privacy regulations. Employee credentials, private RSA keys, or exposed security assessments could fall into threat actors’ hands, enabling reconnaissance efforts.

Once these most important pieces are identified, organizations can begin to understand which actors are most likely to target this data. 

Step 2: Understand the Threat

Understanding the threat is a key part of calculating risk. CTI, when done effectively, can provide practical insight into these threats. A recent shift towards a strategic focus on attacker behavior provides a common language for how defenses can be aligned to real-world vulnerabilities. However, behaviors are just one part of understanding threats. Organizations must also understand the circumstances threat actors most often exploit and reduce their opportunities.

Frameworks such as MITRE ATT&CK provide a way to describe attacker behavior through observed tactics, techniques, and procedures (TTPs). By combining this behavioral information with threat modeling, organizations can then consider why a particular type of threat actor would target the organization, what they would hope to gain, and what their goals would be. By understanding the range of threat actor TTPs, and protecting against the exposure of data that could enable them, organizations can decisively reduce their risk profile.

Step 3: Monitor for Exposure

Detecting exposed assets across the open, deep, and dark web can be a daunting task. The typical exposure of a mid-sized organization served by Digital Shadows includes 290 spoofed domains or social media accounts, 180 certificate issues, 84 exploitable vulnerabilities, 360 open ports and 100 exposed business documents. There are plenty of tools to help. DNS Twist gives organizations a view into phishing sites using permutations of a company’s domain; Have I Been Pwned provides insight into exposed credentials; and the Google hacking database provides ways to detect exposed sensitive documents. Also consider the services that marketing and brand management teams use to monitor social media, which can provide useful insight into what is being discussed about an organization online.
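The spoofed-domain monitoring described in Step 3 can be approached from the detection side: classify domains seen in a registration or certificate feed by how they resemble the protected name. This is an added example, not code from the article or from DNS Twist; the protected domain, the observed list, the homoglyph map and every function name are assumptions constructed for illustration, and inputs are assumed to be registrable domains without subdomains.

```python
# Added example: all domains below are constructed and use reserved TLDs.
PROTECTED = "contoso.test"
OBSERVED = ["contoso.test", "contoso.invalid", "c0ntoso.test",
            "cotnoso.test", "contoso-login.test", "unrelated.test"]
# Small, hypothetical map of look-alike substitutions (not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(label):
    """Collapse visual substitutions so 'c0ntoso' compares equal to 'contoso'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected):
    """Return why `observed` resembles `protected`, or None if it does not."""
    observed, protected = observed.lower().rstrip("."), protected.lower()
    if observed == protected:
        return None  # the organization's own domain
    label = observed.partition(".")[0]
    brand = protected.partition(".")[0]
    if label == brand:
        return "tld-swap"
    if normalize(label) == normalize(brand):
        return "homoglyph"
    if osa_distance(label, brand) == 1:
        return "typo"
    if brand in label:  # noisy for short brand names; review hits manually
        return "brand-embedded"
    return None

def scan(observed_domains, protected):
    """Map each suspicious observed domain to the reason it was flagged."""
    found = ((d, classify(d, protected)) for d in observed_domains)
    return {d: reason for d, reason in found if reason}
```

Flagged domains are candidates for review and takedown requests, not confirmed phishing sites.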

Step 4: Mitigation Strategies

Detecting exposure and understanding threats is important, but taking action to resolve and mitigate risks is critical. Mitigation strategies include immediate, tactical responses; operational responses that can be done on an ongoing basis; and strategic responses that may involve investment or directional influence. For example, an organization that has identified large numbers of exposed credentials may look at implementing Multi-Factor Authentication (MFA). Similarly, providing more effective storage solutions may be advised if employees are backing up work on home computers.

While no single solution or approach can reduce digital risk, by understanding where assets are exposed, their value to attackers, and how attackers target this data, organizations can make better decisions about their defenses and improve them over time.
