It seems a cybersecurity team’s work is never done.
Whether threats originate within a company’s network or outside of it, cybersecurity experts need to prevent known vulnerabilities from being exploited and resulting in a breach, as well as anticipate unknown cyber threats before they compromise the company’s security, reputation, and revenue. “Holistic” is the name of the game: from top to bottom, these teams need to consider everything that could go wrong, then implement an effective plan to push back against it.
However, it’s hard to take initial action when your scope only includes your internal network, which is the case with far too many cybersecurity teams. That’s why we’ve outlined the top five priorities for all companies to manage their entire digital attack surface for maximum efficacy. The timeless adage tells us that a journey of a thousand miles begins with a single step, and it’s no different in this case either.
So while some organizations have developed a mature digital attack surface management program, others are just starting on the journey, evaluating the scope of their program and identifying where to start. For those organizations, it’s important not to get overwhelmed when considering the cybersecurity health of your business. Just start here and take action.
It’s crucial nowadays to understand which digital assets belonging to your organization are exposed to the internet; in other words, what your organization looks like to customers and would-be cyber attackers. A business’s internet presence consists of known, unknown, unsanctioned, and often poorly maintained internet-facing assets. You need to catalog all of them! Shadow IT, M&A, and a lack of standard commissioning processes mean that cybersecurity teams have an incomplete view of their digital attack surface and its weaknesses.
Regardless of their efforts, they can’t protect what they don’t know about. Cyber attackers perform reconnaissance to exploit unknown, vulnerable, and unmonitored websites, as well as their applications, forms, and underlying infrastructure.
According to Verizon, 70% of all successful breaches today originate on the internet. That’s why companies should do what the bad guys are already doing: map their digital attack surface in pursuit of potential vulnerabilities.
With your digital attack surface mapped and your vulnerabilities identified, it’s time to reduce them and make yourself a smaller target for hackers. Your team must first have an accurate inventory of assets exposed to the internet, then enrich that information by tagging geographical locations, business units, and owners. This exercise will let you systematically improve your cybersecurity posture by addressing specific types of weaknesses, including:
It no longer matters if an asset lives within a network or beyond the firewall. If it belongs to your organization, it’s imperative that you maintain its compliance with internal standards and third-party regulations. Organizations are already facing fines for breaches that originate outside the firewall.
Going forward, more regulations will be put in place to protect customers from cyber threat actors targeting businesses. Organizations need to be able to stay within GDPR, OWASP, and internal compliance guidelines to avoid potentially devastating penalties.
Your customers fundamentally interact with your business outside your firewall. As indicated by the massive GDPR fine against British Airways, you’re responsible for their safety and online experience. This obligation includes protecting them from cyber threats affecting assets that belong to you but reside outside the network, like crypto miners, malicious code injections, and Magecart.
But this responsibility also extends to assets that don’t belong to you. These rogue assets mimic your brand and target your customers. Even though your organization didn’t develop them, they’re a part of your digital attack surface anyway. Examples include typosquatted domains and subdomains, fraudulent mobile apps, phishing sites, and infringing social media accounts.
Organizations require rich internet data to be automatically accessible by their other cybersecurity tools to give them full visibility of their digital attack surface and add an “outside the firewall” context to other security functions. By enhancing existing systems and processes with this data, organizations can bring internet visibility to a range of additional cybersecurity and IT operations tools to enrich the information they deliver, accelerate response or mitigation, and improve the organization’s cyber effectiveness.
Some common applications are:
Due to cloud server migration, hosting, and other digital media initiatives, millions of assets appear on the internet every day, and they’re entirely outside the scope of firewalls and endpoint protection. A business’s digital attack surface extends from the internal network to the farthest reaches of the internet, where cyber attackers have all the visibility. Cybersecurity teams are now responsible for defending this enormous swath of digital real estate with the same scrutiny as their internal networks.
Fortunately, despite this drastic increase in what cybersecurity teams are now tasked with protecting, basic tenets of cybersecurity haven’t changed. With the right tools, cybersecurity teams can apply the same rules that keep their internal networks safe to their entire digital attack surface.
Don’t get overwhelmed on your way to a robust digital attack surface management plan. Just get started!
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.