Are you ready for Digital Risk Protection? 5 Key Questions to Ask

by Cybersprint Blog Sep 9, 2019

Within most organisations, digital security infrastructure grows organically, and it’s easy to lose clarity over exactly what capabilities are in place. So, although Digital Risk Protection (DRP) solutions are an increasingly important weapon in the fight against digital threats, it’s important to know what you need before you pull the trigger on an investment. Here are the questions we believe CISOs should be asking in the decision-making process.

1. What capabilities do you need?

Digital Risk Protection (DRP) is a key element of a modern cyber security strategy, but it isn’t the only one. The first step in selecting a solution is to establish a clear picture of your current capabilities when it comes to the discovery, assessment and remediation of digital risks. Frequently, organisations find that they have deep risk protection capabilities in a few key areas, but poor visibility of the less obvious security weaknesses they may have. For example, Shadow IT or Forgotten IT can essentially be invisible to an organisation. An employee’s personal mobile phone or an old website landing page can provide hackers with easy access to corporate networks because the assets concerned don’t comply with current security policies and have probably not been patched or updated regularly. This is why it makes sense to employ a DRP solution that can give you a complete picture of your organisation’s digital attack surface.

2. What resources do you have?

Most organisations have a skills and/or resources gap when it comes to many aspects of cybersecurity, including digital risk protection. Add in an increasing number of threats and alerts, and the consequence is a growing time to resolution when a security incident occurs. Therefore, the fewer resources you have or want to dedicate to monitoring digital risk, the greater the level of automation and integration you should be looking for in your DRP solution. Most of the legwork in terms of scanning and identifying threats will be automated whichever vendor you choose. But what about reporting? Is it fixed and restricted, or highly customisable? Can you integrate the tool with, for example, an IT service management solution such as ServiceNow? Every DRP management task you can automate or integrate will minimise the effort required to reduce your risk. Not only that, it will free up your resources to focus on other tasks.

3. How will you deal with false positives?

The sheer volume of genuine digital threats makes it tempting to treat every security alert as a potential attack. But do that, and IT security staff will quickly drown in a sea of false positives, slowing the reaction time to genuine security incidents. You need to ensure your security infrastructure can differentiate between risks that are relevant, accurate and immediate, so that you can prioritise which you deal with and how quickly. Increasingly, DRP solutions are using artificial intelligence and machine learning to help contextualise alerts and make the job of risk differentiation and prioritisation easier.

4. How will you handle risk evolution?

The really challenging aspect of increasing cyber threats isn’t volume, it’s rapid and continuous evolution. The days of the 'Nigerian prince' scams are coming to an end. Instead, hackers and other cyber criminals are changing the way they operate. This could mean planning attacks that occur simultaneously at multiple points all over the world, or which target specific individuals such as high-profile executives. Or it could involve automation that enables hackers to quickly assemble a complete picture of your organisation’s potential digital attack surface, including everything from servers to security cameras. Good DRP solutions also use automation for digital footprint mapping and monitoring that helps combat these threats.

5. How will you ensure compliance?

When it comes to Digital Risk Protection, compliance should never be about box checking against a notional list of capabilities that “should” be in place according to best practice. It should be focused on preventing or mitigating digital risk, wherever it originates, however unlikely. DRP solutions can help ensure compliance from a brand and security regulation perspective. Identifying genuine but poorly configured digital assets, and identifying fake web properties are two of the ways in which DRP can help organisations enforce brand compliance. From a compliance perspective, DRP solutions can present digital risks in specific formats, helping organisations prove that they adhere to compliance frameworks, such as the NIST Cybersecurity Framework and ISO27000. 

Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online.

Do you want to know how you can improve your organisation's cyber resilience? If you’d like to see what we can do first-hand, you can request a free Quickscan of your company’s digital footprint. 

 
