Today's enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional channels. This digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter.
In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities.Effectively applying DRP to your security program involves understanding each use case as it applies to your organization. Identifying which DRP use cases to focus on varies based on industry and size, and prioritization can be complicated due to many threats overlapping one another.
This article addresses the most common use cases below:
- Domain Monitoring
- Account Takeover Protection
- Social Media Protection
- Executive Protection
- Brand Protection
- Data Leak Protection
- Advanced Email Protection
Domain Monitoring
Look-alike domains are involved in a wide range of cyber attacks. They are easy to register, as well as cheap, and can include an endless number of variations. Threat actors create hundreds of thousands of spoofed domains each year and are consistently enhancing evasion techniques to trick victims into believing they are trustworthy.
Because malicious domains act as a catalyst for most online attacks, targeted organizations are at risk of falling victim to a variety of threat types. Look-alike domains can be used to create phishing sites, sell counterfeit products, or steal login credentials. Threat actors also use spoofed domains to conduct business email compromise (BEC) scams, deliver malware, and create ransomware attack lures.
Eliminating the risk a malicious domain poses is complex due to the high volume of potential threats and mitigation requirements. Communication with registrars is key, as each one will have specific evidence needed for takedown. Security teams should apply a combination of human expertise and automation in order to efficiently detect, gather, and mitigate domain threats.
Social Media Protection
There is a massive amount of publicly available information online that threat actors are using to impersonate organizations and their executives on social media. Spoofed accounts are easy to create and allow anonymity, making social platforms a desired medium to target victims. Real photos, logos, and personal information lend credibility to attacks, and make it difficult for even security experts to distinguish from legitimate accounts.
A variety of scams are conducted on social platforms, including financial scams, brand abuse, data leakage, and cyber threats. Monitoring for social media threats can be cumbersome, and removing suspicious accounts or posts is difficult without relationships with the platform in question and sufficient evidence.
Card Cracking Scam on Social Media
Account Takeover Protection
Threat actors use a variety of methods to take control of online accounts and engage in fraudulent activity. A lack of visibility into external threat campaigns makes it difficult for security teams to detect these types of attacks and as a result account holders are put at risk.
Attackers execute account takeover with different phishing schemes designed to persuade account owners to forfeit their usernames, passwords, and other types of sensitive data. These scams can take the form of phishing sites replicating a company page, banking trojans, and mobile campaigns such as vishing or SMiShing, and rely heavily on impersonation to convince the victim of their legitimacy.
Fake PayPal site
Brand Protection
Threat actors rely heavily on brand impersonation to legitimize attacks and exploit customer trust. Brand abuse can occur across all digital channels, and can incorporate almost every threat type. Common examples of brand threats include look-alike domains, fraudulent websites, and rogue mobile apps.
Brand misrepresentation can lead to irreversible reputation damage and harm brand value. Security teams need to have visibility across all digital channels to identify brand mentions as well as processes in place that promote rapid identification of real threats from false positives.
Data Leak Protection
Every business is susceptible to data leaks and affected organizations can face devastating consequences. While sensitive assets can be exposed due to various vulnerabilities, employees are the leading cause of data leaks, and as a result are highly targeted by threat actors.
Attack tactics designed to drive employee error include highly persuasive emails that socially engineer employees into disclosing protected data, confidential documents, or proprietary information. In addition to exposing data, threat actors also steal and leak small amounts of information on different platforms to fuel payment of ransom demands.
In order to minimize the damage of a data leak, organizations should implement detection processes that comb all online sources for enterprise-related data.
Executive Protection
Executives are targeted for a variety of online attacks due to their high visibility and high value. Detecting executive threats and effectively distinguishing them from false positives can be difficult, as bad actors use a range of attacks including impersonation, account takeover, and physical harm.
Fake LinkedIn Profile
Monitoring across all online channels for suspicious content targeting executives is key to limiting risk. Security teams should apply automated analysis and human-validated intelligence to quickly identify and minimize the impact of executive threats.
Advanced Email Protection
Email-based attacks remain one of the biggest threats to organizations and their employees. Bad actors are continuously enhancing their tactics and many advanced attacks continue to evade security technologies.
Ransomware and other malware threats often start with phishing emails. URLs or attachments delivered via email deliver malicious payloads that then load additional malware, such as ransomware and banking Trojans, onto compromised machines.
Among the most effective methods used in advanced email attacks are business email compromise (BEC). BEC attacks can result in costly consequences because they incorporate impersonation to convince an employee to send money or sensitive data to the attacker.
Proactively protecting against advanced email threats includes detecting look-alike domains outside your network to block deceptive URLs, as well as identifying and mitigating external attacks that result in stolen credentials.
According to Gartner's Emerging Technologies Report, the range of external use cases and ability to support them has driven the need for DRP capabilities across all organizations, regardless of size or maturity level. Security teams may find that only a few of these use cases apply to their organization, however as the external digital landscape evolves it is important to reassess current DRP solutions and determine whether or not additional ones should be prioritized.
Additional Resources: