
Are you ready for Digital Risk Protection? 5 Key Questions to Ask

by Cybersprint Blog 9 Sep 2019

Within most organisations, digital security infrastructure grows organically, and it’s easy to lose clarity over exactly what capabilities are in place. So, although Digital Risk Protection (DRP) solutions are an increasingly important weapon in the fight against digital threats, it’s important to know what you need before you pull the trigger on an investment. Here are the questions we believe CISOs should be asking in the decision-making process.

1. What capabilities do you need?

Digital Risk Protection (DRP) is a key element of a modern cyber security strategy, but it isn’t the only one. The first step in selecting a solution is to establish a clear picture of your current capabilities when it comes to the discovery, assessment and remediation of digital risks. Frequently, organisations find that they have deep risk protection capabilities in a few key areas, but poor visibility of the less obvious security weaknesses they may have. For example, Shadow IT or Forgotten IT can essentially be invisible to an organisation. An employee’s personal mobile phone or an old website landing page can provide hackers with easy access to corporate networks because the assets concerned don’t comply with current security policies and have probably not been patched or updated regularly. This is why it makes sense to employ a DRP solution that can give you a complete picture of your organisation’s digital attack surface.

2. What resources do you have?

Most organisations have a skills and/or resources gap when it comes to many aspects of cybersecurity, including digital risk protection. Add in an increasing number of threats and alerts, and the consequence is a growing time to resolution when a security incident occurs. Therefore, the fewer resources you have or want to dedicate to monitoring digital risk, the greater the level of automation and integration you should be looking for in your DRP solution. Most of the legwork in terms of scanning and identifying threats will be automated whichever vendor you choose. But what about reporting? Is it fixed and restricted, or highly customisable? Can you integrate the tool with, for example, an IT service management solution such as ServiceNow? Every DRP management task you can automate or integrate will minimise the effort required to reduce your risk. Not only that, it will free up your resources to focus on other tasks.

3. How will you deal with false positives?

The sheer volume of genuine digital threats makes it tempting to treat every security alert as a potential attack. But do that, and IT security staff will quickly drown in a sea of false positives, slowing the reaction time to genuine security incidents. You need to ensure your security infrastructure can differentiate between risks that are relevant, accurate and immediate, so that you can prioritise which you deal with and how quickly. Increasingly, DRP solutions are using artificial intelligence and machine learning to help contextualise alerts and make the job of risk differentiation and prioritisation easier.

4. How will you handle risk evolution?

The really challenging aspect of increasing cyber threats isn’t volume, it’s rapid and continuous evolution. The days of the 'Nigerian prince' scams are coming to an end. Instead, hackers and other cyber criminals are changing the way they operate. This could mean planning attacks that occur simultaneously at multiple points all over the world, or which target specific individuals such as high-profile executives. Or it could involve automation that enables hackers to quickly assemble a complete picture of your organisation’s potential digital attack surface, including everything from servers to security cameras. Good DRP solutions also use automation for digital footprint mapping and monitoring that helps combat these threats.

5. How will you ensure compliance?

When it comes to Digital Risk Protection, compliance should never be about box checking against a notional list of capabilities that “should” be in place according to best practice. It should be focused on preventing or mitigating digital risk, wherever it originates, however unlikely. DRP solutions can help ensure compliance from a brand and security regulation perspective. Identifying genuine but poorly configured digital assets and identifying fake web properties are two of the ways in which DRP can help organisations enforce brand compliance. From a compliance perspective, DRP solutions can present digital risks in specific formats, helping organisations prove that they adhere to compliance frameworks, such as the NIST Cybersecurity Framework and ISO27000.

Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online.

Do you want to know how you can improve your organisation's cyber resilience? If you’d like to see what we can do first-hand, you can request a free Quickscan of your company’s digital footprint. 

 
