Last week, we introduced our Digital Risk Protection for Dummies guide and explained the basics of digital risk protection (DRP). Today, we take a look at the first step in implementing a DRP program for your organization – mapping your digital footprint to gain a full understanding of how and where you might be attacked.
Cybercriminals can effectively create a map of all your weak points in just a few hours of research. If you don’t know how and where you might be attacked, you could find yourself playing catch-up against these threat actors, and at that point, it may be too late to stop an attack.
Knowing your attack surface enables you to generate specific and actionable intelligence, so you can identify your weak points before attackers can. Here are some crucial actions you should take to map your attack surface and protect your organization:
Identify Attack Vectors
Protecting your organization from cyberattacks is a top priority, but it’s imperative to approach the challenge from an external perspective. Hackers and other threat actors are looking for entry points so they can infiltrate your system. By taking the same approach and mapping your digital footprint, you can gain a more complete understanding of the kinds of threats you face and what action you can take to mitigate them.
It sounds like a simple enough concept, but in practice, it can be challenging. Your attack surface is constantly evolving, growing, and adding contributors. The broader your digital operations become, the broader your attack surface becomes.
This is the double-edged sword of digital technology in the workplace. Organizations are leveraging technology to glean insights, increase productivity, develop new products and reach customers in more complex and innovative ways than ever before. But as a result, their attack surfaces are more expansive than ever, exposing them to more vulnerabilities. Many have been thrust into the digital age without the knowledge or resources to adapt to these new threats.
Keep Inventory of All Assets
As your digital footprint expands, so does the challenge of keeping track of it. Traditional assets, like desktops and servers, are increasingly interconnected with the outside world – even if they are on premises.
The increased popularity of cloud applications has facilitated a more mobile and agile workplace, but it also means your organization’s devices are constantly connected to external servers beyond your control. Web properties and mobile applications, social media accounts, databases, IP ranges, repositories, Internet-facing assets, ASNs, and other such outside sources are all further potential targets for threat actors.
This makes keeping inventory more challenging than ever. As you get a handle on your digital footprint, pay attention to the following areas:
- IT/corporate assets: This includes your domains, IPs, technologies in use, login pages, as well as executive and VIP names and data.
- Customer-facing and e-commerce assets: This includes brand names, social media activities, customer login pages, and mobile apps.
- Sensitive data: You’ll be taking stock of login credentials, secret projects, and data loss prevention indicators.
- Industry-specific assets: These assets vary depending on the business you’re in. Financial services companies, for example, might include BINs and account numbers. Pharmaceutical firms keep an eye on patented drug names, while retailers might include the names of brands or loyalty programs.
In all likelihood, your IT and security teams are not even aware of many of the factors that contribute to your digital footprint. Between Internet-facing services set up by employees and later abandoned, projects launched without the IT team’s knowledge to avoid red tape (known as shadow IT), and third-party assets that may be overlooked, there are any number of potentially at-risk assets your organization has little or no control over. It is vital to inventory all of these assets to map your footprint accurately.
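The inventory problem described above is, in practice, a reconciliation job: the assets your teams know about versus the assets an outside observer can see. The following is an added example (not code from the original post or from IntSights) that models a minimal inventory using the post's four categories, takes a constructed feed of externally observed hosts (names such as `cert_transparency` and `dns` for the discovery sources are assumptions), and reports shadow assets nobody has claimed, inventory entries no owner has verified recently, and known assets that discovery no longer sees.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable

# Asset categories taken from the post's inventory checklist.
CATEGORIES = {"it_corporate", "customer_facing", "sensitive_data", "industry_specific"}


@dataclass(frozen=True)
class Asset:
    identifier: str      # hostname, IP, app name, brand name, ...
    category: str        # one of CATEGORIES
    owner: str           # team or person accountable for the asset
    last_verified: date  # when the owner last confirmed it is still needed


@dataclass(frozen=True)
class Observation:
    identifier: str      # what external discovery saw
    seen_on: date
    source: str          # hypothetical feed name, e.g. "dns" or "cert_transparency"


def normalize(identifier: str) -> str:
    # Hostnames are case-insensitive and DNS tools often emit a trailing dot.
    return identifier.strip().rstrip(".").lower()


def reconcile(inventory: Iterable[Asset], observed: Iterable[Observation],
              today: date, max_age_days: int = 90) -> dict:
    """Compare the authoritative inventory against external observations."""
    known = {normalize(a.identifier): a for a in inventory}
    seen: dict[str, Observation] = {}
    for o in observed:
        key = normalize(o.identifier)
        # keep only the most recent sighting of each identifier
        if key not in seen or o.seen_on > seen[key].seen_on:
            seen[key] = o
    # observed externally but unknown to the inventory: shadow IT candidates
    shadow = sorted(k for k in seen if k not in known)
    # inventoried, but no owner has confirmed it is still needed recently
    unverified = sorted(k for k, a in known.items()
                        if (today - a.last_verified).days > max_age_days)
    # inventoried but not seen by discovery: decommissioned, or a discovery gap
    not_seen = sorted(k for k in known if k not in seen)
    # data-quality check on the inventory itself
    bad_category = sorted(k for k, a in known.items() if a.category not in CATEGORIES)
    return {"shadow": shadow, "unverified": unverified,
            "not_seen": not_seen, "bad_category": bad_category}


# Constructed sample data; example.com is a reserved documentation domain.
INVENTORY = [
    Asset("www.example.com", "customer_facing", "web-team", date(2024, 5, 1)),
    Asset("vpn.example.com", "it_corporate", "netops", date(2024, 1, 10)),
    Asset("legacy-api.example.com", "it_corporate", "unknown", date(2023, 6, 1)),
]
OBSERVED = [
    Observation("www.example.com", date(2024, 5, 30), "dns"),
    Observation("vpn.example.com", date(2024, 5, 30), "dns"),
    Observation("Dev-Test.example.com.", date(2024, 5, 28), "cert_transparency"),
]


def demo() -> dict:
    return reconcile(INVENTORY, OBSERVED, today=date(2024, 6, 1))


if __name__ == "__main__":
    for finding, items in demo().items():
        print(f"{finding:<13} {items}")
```

Each finding maps to a follow-up: shadow assets need an owner or a shutdown, unverified entries need their owner to re-confirm them, and not-seen entries tell you either that decommissioning worked or that your discovery coverage has a hole.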
Check the Details
Beyond the apps and services your organization may use, executives and VIPs can be tantalizing targets for cybercriminals. Your executives’ personally identifiable information (PII) can be incredibly valuable if it makes its way to the dark web. Threat actors may use their names and email addresses to create web assets impersonating them and launch social engineering attacks. Brand impersonation is another common strategy for cybercriminals looking to exploit customers.
Threat actors constantly find new ways to expose your organization’s vital information. They may impersonate your CEO on social media, publish a malicious app impersonating your brand, or use your logo and branding in a customer phishing scam, putting both your customers and your brand reputation at risk in one fell swoop. It is crucially important to keep your executives’ PII locked down and to monitor any external use of your brand assets.
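Monitoring external use of brand assets usually starts with domain names: a newly registered or newly certified domain that resembles your brand is an early indicator of an impersonation or phishing campaign. The following is an added example (not code from the original post or from IntSights) that scores candidate domains against a brand name using three defender-side heuristics: homoglyph folding (`examp1e` -> `example`, `rn` -> `m`), brand-in-label matching, and a small edit-distance threshold for typos. The brand `example`, the owned domain `example.com` and the candidate list are constructed sample data; the homoglyph table is deliberately small and the TLD handling assumes a one-label public suffix.

```python
from typing import Iterable, Optional

# Visual substitutions commonly seen in lookalike domains, mapped back to the
# letter they imitate (a constructed, deliberately small table for this example).
SINGLE_CHAR = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}
MULTI_CHAR = {"rn": "m", "vv": "w"}


def canonical(text: str) -> str:
    """Fold a label to a comparable form: lowercase, undo homoglyphs, drop separators."""
    s = text.lower()
    for seq, letter in MULTI_CHAR.items():
        s = s.replace(seq, letter)
    s = "".join(SINGLE_CHAR.get(c, c) for c in s)
    return "".join(c for c in s if c.isalnum())


def registrable_label(domain: str) -> str:
    """Return the label left of the TLD ('login.examp1e.com' -> 'examp1e').

    Simplification: assumes a one-label public suffix. A real deployment should
    use the public suffix list so that names like example.co.uk are handled.
    """
    parts = domain.strip().rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) by the standard row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str) -> Optional[str]:
    """Return why `domain` resembles `brand`, or None if it does not."""
    label = registrable_label(domain)
    canon_label, canon_brand = canonical(label), canonical(brand)
    if canon_label == canon_brand:
        # same name under another TLD, or the same name spelled with lookalike characters
        return "exact" if label == brand.lower() else "homoglyph"
    if canon_brand in canon_label:
        return "brand_in_label"  # e.g. example-login, examplesupport
    max_typos = 2 if len(canon_brand) >= 6 else 1  # short brands need a tighter bound
    if levenshtein(canon_label, canon_brand) <= max_typos:
        return "typo"
    return None


def flag_domains(candidates: Iterable[str], brands: Iterable[str],
                 owned: set) -> list:
    """Flag candidates that resemble a brand and are not domains the organization owns."""
    hits = []
    for domain in candidates:
        d = domain.strip().rstrip(".").lower()
        registrable = ".".join(d.split(".")[-2:])
        if registrable in owned:
            continue  # our own domain (and its subdomains) is not an impersonation
        for brand in brands:
            reason = classify(d, brand)
            if reason:
                hits.append((d, brand, reason))
                break
    return hits


# Constructed sample data: one brand, one owned domain, and a feed of newly
# observed domains such as a certificate-transparency monitor might produce.
BRANDS = ["example"]
OWNED = {"example.com"}
CANDIDATES = [
    "login.example.com",    # ours: skipped
    "examp1e.com",          # digit 1 for letter l
    "exarnple-login.net",   # "rn" for "m", plus a lure word
    "exampel.com",          # transposed letters
    "shop.org",             # unrelated
]


def demo() -> list:
    return flag_domains(CANDIDATES, BRANDS, OWNED)


if __name__ == "__main__":
    for d, b, r in demo():
        print(f"{d:<22} resembles {b!r}: {r}")
```

The heuristics trade precision for recall on purpose: brand-in-label will also catch legitimate third parties and plurals, so flagged domains go to an analyst queue for takedown or monitoring rather than being acted on automatically.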
For more on how to introduce DRP to your organization’s cybersecurity strategy, download your free copy of Digital Risk Protection for Dummies, IntSights Special Edition.