Understanding Digital Risk Protection
August 14, 2018 • Zane Pokorny
- Protect yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks, and resolving them.
- Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates, and even from your own employees.
- The best solutions should automate the collection of data and draw from many sources, should have the capabilities to map, monitor, and mitigate digital risk, and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.
It has become a self-evident truth that anybody looking to make something of themselves these days must have a strong online presence. Aspiring artists, shrewd politicians, huge corporations, and everyone in between strive to raise their visibility through on-brand social media posts and engaging organic web content. In addition, retail, advertising, and customer support has increasingly shifted to online spaces. When the efforts to increase online visibility are done well, they can shine out like a lighthouse and resonate with audiences and consumers. But having an outsize online presence casts long shadows, too.
Any individual or organization striving to have a meaningful online presence must also think deeply about how to protect themselves from digital risk. Online engagement with your audience can also bring unwanted attention from threat actors of all sorts — financially motivated cybercriminals, competitors trying to leak your secrets, or hacktivists who just want to undermine your efforts. A better understanding of what goes into digital risk protection and how to choose the best threat intelligence solution for it will help protect you against these threats.
While best practices will vary depending on the size and scope of your brand, there are a few fundamental concepts about digital risk protection that are helpful to know and follow. A recent report by Forrester on the subject provided a good outline of many of these core concepts.
Breaking Down Digital Risk
Digital risk protection is just one aspect of a threat intelligence management program. Before exploring how to manage it, the first step is to look at the various elements that constitute digital risk. We can break down the areas of risk into several categories:
Unauthorized Data Disclosure
This includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.
Threat Coordination Activity
Marketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.
Supply Chain Issues
Business partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.
This broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.
- Physical Infrastructure: Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyberattacks (like the STUXNET attack that derailed an entire country’s nuclear program).
- IT Infrastructure: Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of internet of things devices poses a growing and sometimes underappreciated risk here.
- Public-Facing Presence: All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.
Even the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.
Protecting Yourself Against Digital Risk
Forrester’s new report on digital risk protection identifies two essential objectives for any organization seeking to reduce digital risk: first, detecting what risks are out there, and second, resolving them. These two goals might seem obvious on the face of it, but they suggest a certain security stance that’s more active than reactive, putting digital risk protection under the umbrella of threat intelligence. The idea here is not to build a wall around your city and keep out any and all undesirables, but to feel safe walking freely in the world because you know what’s around you.
Viewed from that perspective, a few critical qualities that a digital risk protection solution should have were identified in the Forrester report:
- It should have the functionality to collect and scan data from a broad set of digital channels. Automation at the data-collecting stage saves analysts precious time. The best solutions will gather data from not only open web sources, but also from the dark web and technical sources.
- It should have capabilities to map, monitor, and mitigate digital risk. Through automation, advanced data science, and analytic techniques like machine learning and natural language processing, digital risk protection solutions should help analysts link business attributes with related digital assets; detect, score, and prioritize digital risk events; and coordinate risk remediation activities.
- It should have a clear focus on security use cases and functions. Digital risk protection is a broad objective with countless potential goals and applications, many of which are unique to particular organizations and industries. The most robust solutions include features like tailored marketing and messaging, abundant customer case studies, technical capabilities, and strategic partnerships, making them flexible and able to be used in various applications.
Because digital risk protection is just one potential application of threat intelligence, one of the best ways to defend your online presence is through implementing a threat intelligence solution that can be applied in many different ways.
For a more in-depth look into digital risk protection solutions, download your free copy of “The Forrester New Wave: Digital Risk Protection, Q3 2018.”