Trying to identify sources of digital risk for your organisation can feel like searching for a black cat in a dark room. And even if you have a torch, you need to be shining it in the right direction to spot the cat. And of course, it might not be sitting still….
But imagine you can simply turn on all the lights in the room – and when you do, you can see there are several black cats, as well as dozens of mice, spiders (and who knows what else) that you had no idea were there.
Taking digital risks out of the shadows
When it comes to your organisation’s digital footprint, consider each of these metaphorical “creatures” to be a digital risk of some kind – a phishing website, a chat on the dark web about targeting one of your executives, and so on. In this scenario, a cybersecurity “torch” is better than nothing. But a solution that can turn on all the lights in the room and help you remove anything you want to eliminate is a whole lot better.
The industry experts behind the 2019 Cyber Security Risk Report1 from professional services firm Aon, agree: “In 2019, the greatest challenge organisations will face is simply keeping up with and staying informed about the evolving cyber-risk landscape.” In other words, digital risk transparency is everything. Because what you can’t see, you can’t protect against. So, how do you go about turning on the lights and cleaning up in the big, scary room of digital risks?
Step 1 – Turning on the lights
The first step is to use a tool that scan your organisation’s digital footprint comprehensively, across the surface web (standard, open websites), deep web (areas of the web that are gated such as intranets, membership sites, etc.) and dark web (anonymised websites, chatrooms and marketplaces that are only visible using special web tools).
Step 2 – Cleaning up the room
Once you have identified what’s there – phishing websites, legitimate URLs with out of date security certificates, marketplaces selling counterfeit goods and the like – you can start allocating different resources to take the appropriate action. These tasks will include updating software, removing abandoned websites, notifying web hosts about illegal activity, and so on.
Step 3 – Check and validate
Ensuring that your digital risk protection solution continues to scan the environment even as you are eliminating risks ensures you can see which have been addressed, which have moved, and which new risks have appeared since the initial scan. New tasks can be defined as a result.
Step 4 – Mitigate for the future
Once you have achieved risk transparency, you need to maintain it. This means taking the actions necessary to ensure certain risks cannot reoccur at all, or can be dealt with easily and quickly when they do. This could include, for example, putting an automated process in place for renewing website security certificates.
Integrating your threat defences
However, for most large organisations, this is not the whole story. To maximize the return on an investment in digital risk protection, it’s important to be able to integrate your capabilities with a SIEM (Security Information and Event Management) solution or IT Service Management platform. This integration can add, for example, proactive threat alerts and the identification of device-based threats. This combination can further strengthen defences against the ever-broadening range of digital risks that organisations face. Not only does this help companies avoid the significant costs of a successful security breach, it can also deliver business value in other ways, such as streamlining security processes, improving the accuracy of decision-making and lowering overall business risk.
Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online.
Are you looking for a more complete picture of your organisation's assets? Our DRP platform will discover, assess and remediate online risks to your brand. Click below to request a free Quickscan for your organisation.
1 2019 Cyber Security Risk Report, Aon plc 2019: https://www.aon.com/getmedia/51bff3db-20ea-46dd-a9aa-1773cfe089ce/Cyber-Security-Risk-Report-2019.pdf.aspx