[BreachExchange] Digital Risk Monitoring: The New Normal

[Audrey McNeil]

http://wwpi.com/2017/01/25/digital-risk-monitoring-the-new-normal/

The threat landscape is evolving much faster than many enterprises can
react to protect themselves and their customers.

Today, an online promotion can turn into a forgotten website that hackers
can use as an easy inroad to a network. A CEO’s social media presence meant
to create visibility with customers can turn into hundreds of rogue
accounts impersonating him. A deprecated SSL certificate can ruin trust
between a brand and its website visitors.

With massive breaches making headlines all the time—Panama Papers, the DNC,
Yahoo, the list goes on—it’s evident the most damaging cyber threats are
coming from sources outside the network firewall, completely invisible to
security teams that aren’t comprehensively and persistently monitoring risk
in all digital channels. The scale of these risks is unprecedented, and
most security teams continue to track a much smaller portion of their
environment than they realize, leaving much of it prone to attack.

To put things in perspective, Forrester recently released The Forrester
Wave™: Digital Risk Monitoring, Q3 2016. The report is a not-so-subtle hint
to security leaders that as their organizations continue to grow into the
cloud, SaaS, mobile, and social channels, their traditional security
programs are ill-prepared to continue protecting their business. For
example, the report notes that digital channels are the fastest way to
detect a slew of brand and physical risks such as compliance violations,
corporate defamation, protests, and supply chain disruption. Consider it
the writing on the wall: solutions and best practices that focus on
security outside the firewall are now table stakes for CISOs.

It can Happen to Anyone
The fallout for organizations that don’t take this new category seriously
can be crushing. Take the recent hack of the DNC for example. The Hillary
Clinton campaign’s chairman, John Podesta, had his personal Gmail account
compromised, leaking thousands of damaging emails to the public and sending
the campaign scrambling to control the damage.

Turns out, Podesta, a trusted confidant of some of some of the most
powerful people of the 21st century, fell victim to one of the oldest
tricks in the cyber threat book: phishing. Threat actors emailed him
purporting to be Google’s Gmail account services department saying his
password had been compromised and that he should change it via a fake link
to a phishing page on which he could enter his credentials. As you can
probably guess, he did–and the consequences have altered the American
political landscape.

Attacks like this also have seismic consequences for other organizations
that fall victim—the FBI estimates CEO email scams have cost organizations
more than $2.3 billion in losses over the past three years. But
inside-the-perimeter security technologies continue to fail in the face of
external threats like these, putting company stakeholders and customers
alike at risk. Security teams must now monitor their organizations from the
outside in, seeing it the same way their customers—and those targeting
them—see it.

So what goes into effective digital risk monitoring? When implemented, the
following best practices have proven to help enterprises significantly
address and protect against threats outside the firewall:

Discovery

An organization’s online presence is constantly changing via a wide range
of factors, both legitimate and malicious. As companies grow, it’s
increasingly challenging for security teams to stay on top of the
day-to-day activities by far-flung partners, vendors, and internal teams
and business units, making it easy for threat actors to create fake branded
websites, mobile apps, and social media accounts intended to fool customers
and prospects and steal sensitive information or distribute malware.

By having the ability to analyze and contextualize enormous datasets to
peruse the full breadth of the internet, these teams can have a real-time
view of their internet-exposed attack surface as it appears to hackers,
allowing them to verify the security and compliance of what assets belong
to them, and identify what may be fraudulent.

Efficient Detection

Web crawling plays a critical role in monitoring organizations’
internet-facing assets for security risks.

Web crawling technology for DRM is different than the kind built for
indexing. A network of crawlers, sensors, and proxy users, it works as an
emulated human user with a fully instrumented browser and algorithms to
simulate human-like mouse movements and click behavior. Similar to how you
read an article online, this type of automation does it much faster, all
while storing the entire chain of events that may have led to an attack and
allowing security teams to reconstruct an event and what led to it.

Scale

The same technological advances that empower internet users, services, and
businesses also enable cyber crime to thrive at an unprecedented scale and
velocity. Attackers can create massive amounts of these digital accounts at
little or no cost and leverage a huge network of black markets to maximize
profit and reduce the level of technical skill required to carry out
sophisticated attacks.

Organizations must be able to scale at the same pace, leveraging the
internet itself as a detection system to automatically defend a network
from cyber attacks.

Leveraging Automation

Attackers use automation to launch sophisticated attacks cheaply by
rotating and reusing undetected infrastructure. But defenders with access
to internet data can detect unknown threats at the source and track how
they change and spread.

Correlating threat data extracted from a broad set of data sources across
channels reveals the risk posed to an organization by a single piece of
infrastructure—and how it’s being used within a larger context. Advanced
analytics are necessary to automatically triage and address security events
and track changes in threat infrastructure to predict new attack vectors as
they emerge.

The New Normal

Digital Risk Monitoring platforms aren’t an overhaul of your security
programs—they should fulfill a unique function that complements and
enhances the other tools in your security stack. They should integrate
visibility into your external attack surface with the data and capabilities
provided by traditional security tools including SIEMs, firewalls, endpoint
security solutions, and vulnerability scanners—as well as non-security
tools such as GRC platforms.

Security programs that take digital risk seriously and proactively
operationalize digital risk monitoring as a function will have the best
chance at staying a step ahead of adversaries.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170125/2888989d/attachment.html>