Digital Risk Protection
DIGITAL RISK PROTECTION (DRP) DEFINED
The process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks.
AT A GLANCE
Digital risks exist on social media and web channels, outside most organization’s line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.
Categories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander), and physical (physical threats, natural disasters).
Due to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.
What is digital risk?
Digital risks can take many forms. Most fundamentally, what makes a risk digital? A digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.
“ZeroFOX leads the pack in social media protection and digital risk analytics. Its coverage of social channels and intelligence stands out because of its ability to protect individual social accounts and analyze unique behavioral risk indicators.”
The Forrester Wave: Digital Risk Protection, Q3 2018, named ZeroFOX a Leader. According to the report,
DIGITAL RISKS CAN BE BROKEN DOWN INTO THREE CATEGORIES:
Customer targeted scams
Fake coupons and promos
Brand or executive impersonations
Slander and abuse
Malware Leaked sensitive information
Hacktivismn & Cyber attack planning
Digital risks can be found anywhere online, but again and again social media proves to be the true breeding ground and delivery mechanism for risks. Social implies any digital interaction among real people, and for a risk to exists, there needs to be a person experiencing or affected by that risk. This can be an individual or group of individuals like a corporation or organization. For this reason, social media is a veritable petri dish of risks, and malicious actors take to social media in droves. Social media creates a frictionless, anonymous platform for risk actors and heavily stacks the cards against organizations attempting to protect themselves.
Risk Actor Advantages
Target Organization Challenges
|Social media’s ease of use and universal access lowers the technical barriers for cyber criminals. Multiple fraudulent accounts and cyber attacks can be created and launched more rapidly than ever before.||Organizations struggle to grapple with dynamic, ever-changing social media landscape. New threats must be identified rapidly and data must be ingested and analyzed in near real time.|
|Scammers can leverage hashtags or piggyback on existing popular accounts to target their scam and rapidly propagate an attack to millions of potential victims.||The scale and cross-network nature of social makes it extremely difficult to monitor manually. Automated tools must be able to grapple with terabytes of data.|
|Employees of organizations can unintentionally become risk actors by posting inappropriate or non-compliant content. On such an extremely public venue, the costs can be devastating.||Organizations struggle to react to risks immediately, before they spread across the social and digital web.|
|Risk actors, whether acting intentionally or unintentionally, enjoy near complete anonymity in the social media world.||Because these channels are unowned and exist outside an organizations technical jurisdiction, visibility is effectively non- existent, making identifying and remediating risks and risk actors a herculean task.|
Traditional social media channels include LinkedIn, Twitter, Facebook, Instagram, Google+, YouTube and Tumblr. Outside of these traditional social media channels, digital risks are propagated on any digital channels with unregulated, user-generated content. These channels can be collectively referred to as the social web. They include forums, communities and chat clients, such as Pastebin, Amazon, Craigslist, Wikipedia, 4Chan, etc.
What are the damages and costs?
Just as digital risks themselves take many forms, so too do the costs associated with them. They also span the gambit on which area of the organization business they might impact. Consider these case studies:
- A piece of malware sent via direct message on LinkedIn, could result in millions of dollars in data breach remediation.
- A pirating ring run at scale and advertised on Twitter can impact the bottom line of major media, retail or CPG organizations.
- Fake brand accounts or customer support impersonations on Facebook damage the brand, which although more difficult to measure, can have devastating costs to a organization business in the long term.
- A financial scam on Instagram that costs a bank $300 per successful scam adds up quickly when multiplied by rate of success over time, number of other scammers, other networks and other types of scams.
The cost of digital risks to organizations is largely unmonitored and unrecognized. Once organizations start to identify social and digital risks, they begin to recognize their growing frequency, their impact and, ultimately, their costs.
How are digital risks monitored and remediated
Digital Risk Protection solutions, like the ZeroFOX Platform, ingest data from the social networks and web, analyze it and alert for malicious activity, and work on behalf of the customer to remediate issues to and remove risks.
Solutions must keep up with the speed and dynamism of social media and digital channels but constantly ingesting fresh data for analysis.
Customizable configurations for deeper investigations
With vast volumes of data being ingested, solutions must be highly flexible and customizable, allowing customers to fine-tune their analysis for very specific use cases.
Sophisticated intelligence for relevant risk data
Solutions must aggregated data from a diversity of sources to provide comprehensive, contextualized analysis.
Strong ties with major channels for expedited takedowns
Solutions are only truly valuable if they can go beyond alerting and work with the channel or network to get the risk remediated.