Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

Digital risk management on the core of cybersecurity

9/30/2020

Technical contribution
Management, Awareness and Compliance

Digital Risk Management: Four Steps to Implementing Cybersecurity

Organizations are looking at new ways to deal with their heightened exposure online. Here are four steps to achieve visibility into threats and manage digital risks.

Digital transformation touches all aspects of the business, and every new technology, connection, or application results in increased complexity. Accompanied by a more acute threat, this transformation frequently leads to the loss of sensitive corporate data, violation of privacy laws, and damaged reputations. It also means that a physical network no longer determines the organization’s boundary; the very data organizations seek to protect is spread across third parties, social media, mobile devices, and the cloud.

itsa 365: Ten sectors with most frequently breached credentials

15 billion exposed credentials: Technology companies affected the most

15 Billion Usernames and Passwords on Offer

In fact, Digital Shadows found more than 15 billion credentials in circulation in cybercriminal marketplaces, many on the dark web – the equivalent of more than two for every person on the planet. The number of stolen and exposed credentials has risen 300% from 2018 as the result of more than 100,000 separate breaches. Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere. These incidents put everyone in the organization at risk – from the C-level to different departments and locations down to suppliers, partners and customers.

In order to deal with the heightened exposure their organizations’ digital infrastructure, assets, and accounts face online and fix issues before bad actors exploit them, digital risk management becomes essential. There are four steps to achieving this visibility into digital risks.

1. What Are Your Critical Assets, and Where Are They?

This first step is, of course, understanding what an organization considers to be their critical assets. This will vary from organization to organization. For a technology or pharmaceutical company, it might be their patents and intellectual property. For a retail company, it may be upcoming product names and their customer websites. For an investment bank, it might be a pending merger or acquisition. A useful exercise for organizations is to begin thinking about the type of sensitive data you hold, and how this might be appealing to a range of threat actors. From there you can think about the ways adversaries might access this information, and where you might be exposed.

2. What are the Threats to Your Business?

Adversaries understand the value of this exposure and look to exploit it, but what they target will vary based on the adversary’s motivation and goals. The ability to understand the threat is a key part of calculating risk, and there are a number of factors to consider when assessing it; we need an understanding of a threat’s behavior (capabilities and tactics), motivations, and the opportunities the threat may exploit. The broad discipline of Cyber Threat Intelligence, if executed effectively, can provide useful insight into these threats.

3. How is Your Business Being Exposed?

Data always ends up online. For example, contractors often back up proprietary information on their misconfigured file sharing drives, employees over-share on social media, or developers expose sensitive code on code sites. To give a sense of scale, this is what a typical mid-sized organization finds in one year with Digital Shadows: 290 spoofed domains or social media accounts, 180 certificate issues, 84 exploitable vulnerabilities, 360 open ports, 100 exposed business documents.

4. How Can You Protect Your Organization?

Next, organizations need to find ways to protect themselves against this heightened exposure. There are three ways organizations that we have worked with have mitigated their exposure: detecting data loss, reducing their attack surface and securing their online brand. If risks can be managed at a business level, organizations can mitigate risks at an early stage, take action and protect their company.

You might also be interested in

10/31/2023

Hacking attack on Marc O'Polo - what you can learn from it

In 2019, a hacker attack paralysed the fashion company Marc O'Polo. Dr Patric Spethmann, COO and ...

9/18/2023

KRITIS Dachgesetz (CER law) brings new duties, measures and consequences

The German KRITIS-Dachgesetz (CER law) imposes new obligations on operators of critical infrastru...

9/18/2023

KRITIS-Dachgesetz (CER law) aims to improve security - and throws up surprises

The Federal Office of Civil Protection and Disaster Assistance and the Federal Office for Informa...

8/9/2023

IT security in companies: Awareness is becoming more and more relevant

The increasing dependence on information technology has multiplied the importance of IT security ...

7/17/2023

Cyber attack: Why the emergency plan is crucial

The relevance of emergency prevention is emphasized by security specialists, because after a succ...

Your digitale "Home of IT Security"

Send message to