The Risks of a Global Digital Workplace

August 1, 2018 • Andrew Scott

As innovation has continued to grow rapidly, so has the global economy and our level of interconnectivity as a global population. With the expansion of digital and technology applications to modern business, the risk to organizations in a globalized world has become larger. Data is now traded as a commodity, just as oil is traded between producers, consumers, and the ever present middle man.

Organizations now operate seamlessly across multiple borders and continents, passing terabytes of data back and forth every second to drive forward innovation and commerce. Companies rely more and more on the connection between employees on a global scale while ensuring the mobility of those employees remains unconstrained. In what can only be defined as “digital globalization” by Mckinsey and Co., the opportunities for growth are significant — but so are the risks tied to those opportunities.

Bytes Are Worth More Than Barrels: Technology’s New Role in Globalization

With the advancement of technology in nearly every aspect of life (even your home refrigerator can now send you an email if you need milk), the now-aging idea that traditional commodities still drive innovation is starting to die out. Our new global reality has become one where data is as valuable a commodity as oil, and in some cases, even more desired. Because the global economy relies on the transfer of data for commercial and social use, it has put the exploitation and protection of this new commodity at the forefront of business, as well as the evening news cycle. However, this approach has also increased the risk of this data falling into the wrong hands — an event that is happening more and more often.

In nearly every industry, information technology plays some role, especially in banking, telecommunications, ICS and manufacturing, energy, defense, healthcare, and retail. Each one of these industries has its own set of regulations to meet as well as associated challenges. The ability to protect this information as organizations grow only becomes more and more important as industries blend together and information drives further innovation.

“Thank God It Wasn’t Us”: The Risk of Not Protecting Your Enterprise Against the Unknown

Despite the severity of recent breaches to high-profile businesses that affected their brand reputation, customers, and patients, much of the world still operates on an “at least it wasn’t us” mindset. This brings us back to the notion of workplace culture around security. Changing the business practices and habits of employees and organizations is a monumental task. However, as we have seen lately, a data breach or cyberattack does not only affect the information technology side of the brand. Rather, the fallout stretches across IT, public relations, human resources, finance, and potentially other departments, as organizations work to stop the bleeding from these events. In an era where customers have many options, a breach or loss of consumer confidence can be extremely detrimental to a company’s long-term profits or finances.

Take Equifax, for example. As much as it may have rebounded and recovered from its infamous 2017 data breach, the organization still has the stigma of being a victim to a breach, and thus, has suffered a loss of consumer and public confidence. Though the purpose of this article is not to evaluate Equifax’s response or breach in detail, it is important to note that the company’s investment strategy did include a product that has been more and more common: cybersecurity insurance.

According to a March 2018 Reuters article titled, “Equifax Breach Could be Costliest Yet at $439M; Insurance to Cover $125M,” cyber insurance helped cover part of the cost of the breach — approximately $125 million — whereas the total cost of the breach has reached $439 million. This new phenomenon in insurance offerings is provided by major insurance companies like Liberty Mutual.

As attacks evolve and new TTPs are encountered, organizations and businesses will need ways to adapt and identify these new trends and threats on an ever-changing basis. In addition, understanding the value of the contents of a respective organization’s data that is held is paramount. Of course, understanding the value of the data not just to the respective organization, but also to an attacker, is a must. As information about the types of Facebook data being gathered by Cambridge Analytica emerged publicly, it became clear exactly how risky it is to lose this type of information, as much of it revolves around our private lives.

As organizations continue to adapt to and grasp their respective threat landscapes and weak spots, the need to adapt and respond in kind has increased. As we have identified, changing the security culture at any organization is quite difficult, as changes to daily business processes can often disrupt productivity and change routine workflows. Given this, alternative ways of identifying threats and arming defenders against unknown threats is a must. This is where threat intelligence comes into play.

The Case for Threat Intelligence

While still an important function of information security and a best practice for any enterprise, the areas of application for threat intelligence have expanded greatly, and as such, the traditional model of applying threat intelligence solely for threat hunting and TTP or APT tracking is quickly dying out.

Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” Any organization that conducts operations on the internet should take security seriously, especially in identifying areas where there are visibility gaps in daily operations. Just as a sports team will scout upcoming opponents, or armed forces will conduct operations with proper intelligence, modern organizations should take the same action against attackers.

But how does an organization fight the unknown and coordinate information security processes and practices? Enter Recorded Future. Recorded Future’s extensive data gathering helps protect critical infrastructure by tracking known vulnerabilities and supports processes by tracking a brand’s public reputation, identifying data leaks of a company’s intellectual property or credit cards, as well as many other areas of need. Given the expanding threat landscape, using threat intelligence should be a part of your organization’s security approach and will contribute to your overall security hygiene.

Identifying your organization’s known unknowns and risk landscape will be essential as industries and society evolves. Fortunately, the challenge of trying to identify your “unknown unknowns” (as former Secretary of Defense Donald Rumsfeld called them in his memoir “Known and Unknown”) and areas where visibility gaps are present can be alleviated using threat intelligence. Through Recorded Future, you can illuminate those dark spots and give your organization the advance notice to threats targeting you. As Stephane Nappo, the Societe Generale CISO said, “It takes 20 years to build a reputation and few minutes of cyber incident to ruin it.”

Andrew Scott

Andrew Scott is an intelligence services consultant at Recorded Future.