Your Brand Is a Target: How to Protect Your Reputation With Security Intelligence
December 11, 2019 • The Recorded Future Team
Editor’s Note: Over the next several weeks, we’ll be sharing excerpts from the newly released second edition of our popular book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program.” Here, we’re looking at the tenth chapter, “Threat Intelligence for Digital Risk Protection.” Want to read the entire chapter? It’s available in this e-book on brand protection, or you can download your free copy of the entire handbook.
Your company’s reputation is everything. But as you grow your online presence to connect with new audiences, enhance your customers’ experiences, and extend your services and offerings, your brand can become vulnerable to cybercriminals of all sorts: financially motivated attackers, competitors trying to obtain your secrets, and hacktivists who want to undermine your efforts.
You also have to worry about how threat actors can hijack your brand and counterfeit your web presence to serve their own ends — for example, by creating fraudulent domains to use in phishing attacks or by disseminating false information in your name.
A meaningful online presence requires you to think deeply about how to protect yourself from digital risk. And as you move toward a comprehensive security intelligence program, it’s critical that brand protection is deeply integrated into your strategy.
This blog explores how security intelligence can help your organization rapidly detect and remediate digital risks. The following excerpt has been edited for length and clarity.
Types of Digital Risk
Digital risk falls into several categories. The most important are:
- Cyberattacks leading to the theft and disclosure of data
- Risks created by issues in the supply chain
- Risks related to actions by employees
- Brand impersonation
Uncovering Evidence of Breaches on the Web
While digital risks come in many forms, the common denominator is the fact that most cyberattacks leave traces on the web.
Threat intelligence solutions can pinpoint digital risks by monitoring the web, including private forums on the dark web, to uncover these “traces,” or evidence of data breaches within your organization and partner ecosystem. Evidence can include:
- Your customers’ names and data
- Financial account data and Social Security numbers
- Leaked or stolen credentials from your employees
- Paste bin sites containing your proprietary software code
- Forums mentioning your company and announcing intentions to attack it
- Forums selling tools and discussing techniques to attack enterprises like yours
Timely discovery of these indicators can help you:
- Secure the sources of the data
- Find and fix vulnerabilities and misconfigurations in your infrastructure
- Mitigate future risks by improving security controls
- Identify ways to improve employee training and coding practices
- Enable your SOC and incident response teams to recognize attacks faster
Uncovering Evidence of Brand Impersonation and Abuse
Brand protection is a slightly different game than data protection. The primary goal is not to strengthen your infrastructure and security controls, but rather to “take down” the impersonations as quickly as possible. Threat data gathered from the web can reveal:
- Typosquatting domains
- Domain registrations that include your company or product name (or variations)
- Hashtags that include your company or product name (or variations)
- Social media accounts purporting to belong to you or one of your employees
- Unauthorized mobile apps using your branding
- Forums that mention plans to impersonate your brand
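To make the first two items concrete, here is an added example (not part of the original excerpt or any Recorded Future product) that triages a feed of newly observed domains against a brand name. The brand `examplebank`, the owned-domain list, and the sample feed are all constructed assumptions, and the feed is assumed to contain registrable domains of the form `label.tld`.

```python
import unicodedata

BRAND = "examplebank"        # hypothetical brand label (assumption)
OWNED = {"examplebank.com"}  # hypothetical domains the organization controls

# Small, non-exhaustive map of digit-for-letter swaps.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(label):
    """Fold accents, hyphens and common look-alike characters."""
    folded = unicodedata.normalize("NFKD", label.lower())
    plain = "".join(c for c in folded if not unicodedata.combining(c))
    return plain.replace("-", "").translate(LOOKALIKES).replace("rn", "m")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Triage one registrable domain (label.tld) against the brand."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED:
        return "owned"
    label = domain.split(".")[0]
    folded = normalize(label)
    if folded == BRAND and label != BRAND:
        return "typosquat"       # look-alike characters or hyphenation
    if BRAND in folded:
        return "contains-brand"  # brand plus extra words, or another TLD
    if osa_distance(folded, BRAND) <= 1:
        return "typosquat"       # one typo away from the brand
    return "unrelated"

# Constructed sample feed of newly observed domains (not real data).
FEED = ["examplebank.com", "examplebnak.com", "examp1ebank.com",
        "exámplebank.com", "examplebank-login.net", "samplebakery.com"]

if __name__ == "__main__":
    for d in FEED:
        print(f"{d:28} {classify(d)}")
```

A distance threshold of 1 suits a brand label of this length; shorter names need a stricter rule to avoid false positives, and cross-script homoglyphs (for example Cyrillic letters) need a dedicated confusables table that this sketch does not include.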
Critical Qualities for Threat Intelligence Solutions
Of course, mitigating digital risk is not simply a matter of finding some isolated piece of stolen data or one typosquatting domain. Somebody — or something — has to do the broader work of collecting masses of data, sifting through thousands of data points, analyzing relationships among the data points, deciding priorities, and ultimately taking action.
The best approach is to use a security intelligence solution that can:
- Collect and Scan Data From the Widest Range of Sources: Automating the data-collection stage saves analysts precious time. The best solutions gather data not only from open web sources, but also from the dark web and technical sources.
- Map, Monitor, and Score Digital Risk: Through automation, advanced data science, and analytic techniques like machine learning and natural language processing, threat intelligence solutions should help analysts link business attributes with related digital assets; detect, score, and prioritize digital risk events; and coordinate risk remediation activities.
- Coordinate Remediation: Robust intelligence solutions generate alerts and reports that provide information on how to remediate problems. They also integrate with tools that can perform remediation immediately, and offer a service to take down typosquatting sites, misleading social media accounts, and other forms of brand impersonation.
Get the Threat Intelligence Handbook
For a deeper dive on digital risks and how to uncover indicators quickly to protect your brand, download our new e-book, featuring the entire chapter on brand protection from our handbook. You’ll also learn how a large human resources organization defeated typosquatting and quickly mitigated a phishing threat using real-time threat intelligence.