Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Zack Allen
Zack Allen
Connect Directly
E-Mail vvv

How to Protect Your Organization's Digital Footprint

As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.

In today's ecosystem, security teams must expedite digital transformation initiatives to ensure collaboration and productivity among remote employees while continuing to service clients. Correspondingly, the digital risk landscape continues to evolve rapidly, making it difficult for businesses to monitor external, unregulated channels for risks that affect their business, employees, or customers.

While the adoption of public platforms such as social media, websites, and mobile applications have enabled businesses to maintain relationships with customers, they have also provided new intrusion vectors. As the digital landscape expands, many consumers and employees are not aware of the full realm of digital threats and how to mitigate them. Despite this growing landscape, phishing and fraud campaigns continue to be reliable and widely leveraged tactics, demonstrating the need for security teams to continue focusing on addressing these threats effectively.

Security teams looking to mitigate digital risks and develop their digital risk protection plans can consider the following guidance.

Related Content:

Navigating the Security Maze in a New Era of Cyberthreats

Building an Effective Cybersecurity Incident Response Team

New From The Edge: 2021 Security Budgets: Top Priorities, New Realities

Improve Awareness Training and Also Reward
One phished email can bring down an entire network: All it takes is a few milliseconds to misjudge an email, and suddenly malware finds its way to a company's endpoints. IT and security teams conduct employee training to prevent phishing attacks through email; however, phishing has expanded far beyond the traditional email setup.

Employees and consumers are falling victim to phishing attacks via social media, and other fraud campaigns have extended across digital channels. Improving employee training helps enterprises keep up with the ever-changing threat landscape. The accelerated adoption of social media, mobile apps, Web marketplaces, and other digital platforms by employees and customers is proof that the old-school ways of educating and building awareness are no longer sufficient.

Reward employees for making the right choices. Giving out digital swag to folks who routinely report phishing attempts creates a positive reinforcement cycle that often outlasts the impact of security awareness training.

Spot Vulnerabilities in Your Security Stack
Attackers' methods and techniques have advanced, and the platforms where they launch attacks have multiplied. Security teams can no longer rely on spam filters and email blockers to effectively address phishing and fraud attacks.

Consequently, teams should step back and evaluate the tools in their security arsenal. They need to ask themselves if their current solutions have adequate coverage for phishing links, text and image analysis, or visibility across social media, domains, the Dark Web, and beyond. Teams need to spot the gaps in their security stack before they become tomorrow's headline.

Know What Makes You Vulnerable
Waiting to take action until a security breach happens is a losing game. Security teams must recognize the individual vulnerabilities that cause an attacker to target their business and prioritize their security strategy around those vulnerabilities.

As digital transformation continues to revolutionize how businesses operate and implement new systems and procedures, prioritizing security strategy development is required. Exposure can come from many avenues. For example, executives with large followings on social media or digital financial services are popular targets because they represent lucrative avenues. Mapping an organization's digital footprint can help answer why a company may be a potential target of a phishing attack or fraud campaign. This can weed out possible lapses and determine where exposures lie.

Develop a Mitigation Strategy
While identifying phishing and fraud attacks is vital to any enterprise's survival and consumer trust, the other part is having a comprehensive mitigation strategy to reduce risk and disrupt threats. The type of attack, the target (e.g., employee, executive, data, customer), the platform, and the risk rating are all material to your strategy.

Mitigation strategies should focus on dismantling the attacker's infrastructure at its source. While blocking and spam filtering serve to address individual threats, they do little to thwart attackers from launching future attacks. By working with domain registrars to remove malicious sites and with social networks to disable fraudulent profiles and posts, security teams can disrupt an attacker's entire campaign more effectively. Effectively mitigating phishing and fraud campaigns is a group effort. Digital risk protection service providers can help alleviate the time and resources required to identify and react to risks, including working with platforms to have threats removed.

Looking Beyond
Every organization's ultimate goal is to protect consumers and their information while preserving revenue and credibility. The reliance on social, mobile, and digital channels to conduct business has created the perfect opening for threat actors. Organizations must take every precaution and protection measure possible to prevent and disrupt attacks. As the frequency of attacks rises, organizations need to stay vigilant in identifying and remediating online threats.

Zack Allen is the Director of Threat Operations at ZeroFOX, a global leader in digital risk protection. He is also President, Founder, and Board Member of the Security Practices and Research Student Association (SPARSA). Previously, he was a Senior Security Researcher for Fastly. View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to ...
PUBLISHED: 2021-06-22
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
PUBLISHED: 2021-06-22
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.