Social media, mobile computing and cloud services have changed the way we do business. But while we take advantage of the business benefits these new technologies offer, many organisations are unaware of how they look online to the world at large and to their would-be attackers.
As we operate in this digital world we leave behind a digital footprint – an electronic trail of activities. A subset of a digital footprint, a digital shadow consists of exposed personal, technical or organisational information that is often highly confidential, sensitive or proprietary. As well as damaging the brand, a digital shadow can leave your organisation vulnerable to corporate espionage, competitive intelligence and devastating cyber-attacks launched by criminals and hostile groups.
In this digital world, protecting the perimeter is no longer sufficient. Adversaries are no longer merely watching networks and endpoints to determine how they will attack, but actively surveying digital shadows, identifying vulnerabilities and launching attacks.
Organisations need new ways to protect themselves. While cyber-threat intelligence (CTI) has helped evolve the effectiveness of our defences by providing a better understanding of threats and threat actors, we need to do more. Data feeds, vulnerability feeds, indicators of compromise (IOCs) and profiles of threats and research reports will continue to be pertinent. But what's lacking is cyber-situational-awareness that provides a more holistic and specific view of threats and vulnerabilities relevant to your organisation.
Cyber-situational-awareness can help your organisation to understand what is happening around you so that you can make better informed decisions about how to defend yourself. But it takes time, effort and resources.
So how do you move your security practices in this direction? This three-staged approach can help. And at each stage you'll see real benefits.
Stage 1 – Perception. Building on the internal information and CTI feeds you already gather to understand threats, the focus of this first stage is on understanding how you are perceived by hostile threats. By understanding where key information assets, employee credentials and sensitive documents are being exposed online, an organisation can understand where it is likely to be most vulnerable. Data sources include social media, web forums (public and private), IRC chats, email and video. The perception stage provides the basis for better cyber-situational-awareness and in and of itself provides significant new insights that you can immediately act upon to address vulnerabilities or behaviours that violate policies.
Stage 2 – Comprehension. With data about yourself and your attackers, the next step is to apply context to make sure the information is relevant and meaningful to your specific circumstances. You do this by ensuring that the intelligence directly references your organisation's brands, assets, concerns and weaknesses, systems and defences (ie, those things most relevant). Through this lens you can identify which threats pose the greatest risk and use this information to guide security investment decisions and strategies.
Stage 3 – Projection. The highest level of cyber-situational-awareness involves making educated and informed assessments about what might be around the corner to reduce uncertainty and determine what action to take to mitigate the threat. Techniques include analysis of past behaviour to predict future behaviour, identification of trends, geopolitical analysis and understanding pre-cursors of previous attacks. In the short-term, complete cyber-situational-awareness can prevent and mitigate harmful events. In the longer-term it can be used to help prioritise threat protection investments and policies.
At most organisations security resources are stretched thin. Making the best choices based on relevance to your specific circumstances isn't just a practical way to deal with the overload, but also the most effective way to address potential threats, instances of sensitive data loss or compromised brand integrity. Cyber-situational doesn't happen overnight, but with the right approach you can prevent, detect and contain cyber-related incidents today and better prepare for the future.
Contributed by Alastair Paterson, CEO at Digital Shadows