Within most organisations, digital security infrastructure grows organically, and it’s easy to lose clarity over exactly what capabilities are in place. So, although Digital Risk Protection (DRP) solutions are an increasingly important weapon in the fight against digital threats, it’s important to know what you need before you pull the trigger on an investment. Here are the questions we believe CISOs should be asking in the decision-making process.
1. What capabilities do you need?
Digital Risk Protection (DRP) is a key element of a modern cyber security strategy, but it isn’t the only one. The first step in selecting a solution is to establish a clear picture of your current capabilities when it comes to the discovery, assessment and remediation of digital risks. Frequently, organisations find that they have deep risk protection capabilities in a few key areas, but poor visibility of the less obvious security weaknesses they may have. For example, Shadow IT or Forgotten IT can essentially be invisible to an organisation. An employee’s personal mobile phone or an old website landing page can provide hackers with easy access to corporate networks because the assets concerned don’t comply with current security policies and have probably not been patched or updated regularly. This is why it makes sense to employ a DRP solution that can give you a complete picture of your organisation’s digital attack surface.
2. What resources do you have?
Most organisations have a skills and/or resources gap when it comes to many aspects of cybersecurity, including digital risk protection. Add in an increasing number of threats and alerts, and the consequence is a growing time to resolution when a security incident occurs. Therefore, the fewer resources you have or want to dedicate to monitoring digital risk, the greater the level of automation and integration you should be looking for in your DRP solution. Most of the legwork in terms of scanning and identifying threats will be automated whichever vendor you choose. But what about reporting? Is it fixed and restricted, or highly customisable? Can you integrate the tool with, for example, an IT service management solution such as ServiceNow? Every DRP management task you can automate or integrate will minimise the effort required to reduce your risk. Not only that, it will free up your resources to focus on other tasks.
3. How will you deal with false positives?
The sheer volume of genuine digital threats makes it tempting to treat every security alert as a potential attack. But do that, and IT security staff will quickly drown in a sea of false positives, slowing the reaction time to genuine security incidents. You need to ensure your security infrastructure can differentiate risks by how relevant, accurate and immediate they are, so that you can prioritise which ones you deal with and how quickly. Increasingly, DRP solutions are using artificial intelligence and machine learning to help contextualise alerts and make the job of risk differentiation and prioritisation easier.
4. How will you handle risk evolution?
The really challenging aspect of increasing cyber threats isn’t volume; it’s rapid and continuous evolution. The days of the 'Nigerian prince' scams are coming to an end. Instead, hackers and other cyber criminals are changing the way they operate. This could mean planning attacks that occur simultaneously at multiple points all over the world, or which target specific individuals such as high-profile executives. Or it could involve automation that enables hackers to quickly assemble a complete picture of your organisation’s potential digital attack surface, including everything from servers to security cameras. Good DRP solutions also use automation for digital footprint mapping and monitoring, which helps combat these threats.
5. How will you ensure compliance?
When it comes to Digital Risk Protection, compliance should never be about box checking against a notional list of capabilities that “should” be in place according to best practice. It should be focused on preventing or mitigating digital risk, wherever it originates, however unlikely. DRP solutions can help ensure compliance from both a brand and a security regulation perspective. Identifying genuine but poorly configured digital assets and identifying fake web properties are two of the ways in which DRP can help organisations enforce brand compliance. From a regulatory perspective, DRP solutions can present digital risks in specific formats, helping organisations prove that they adhere to compliance frameworks such as the NIST Cybersecurity Framework and ISO27000.
Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online.
Do you want to know how you can improve your organisation's cyber resilience? If you’d like to see what we can do first-hand, you can request a free Quickscan of your company’s digital footprint.