Back to all blog posts
Jun 5, 2017
Cybersecurity and Ransomware: Understanding Cyber Threats, Monitoring Data Leakage and Monitoring Reputational Damage
Organizations around the world were recently (and rather rudely) reminded of their data vulnerability when WannaCry unleashed its international ransomware attack that seized data remotely and demanded a ransom for its release. This attack provided an important reminder of the risks associated with data breaches and it forced many organizations to take a cold, hard look at their data protection strategies.
In light of this incident, there has arguably never been a better time for organizations to prioritize monitoring and managing digital risk. A recent report published by Digital Shadows (the “Report”) highlights the need for more sophisticated strategies as organizations’ digital footprints continue to expand at an overwhelming rate. As their digital footprints expand, organizations are exposed to new levels of external risk that are not adequately protected by traditional tactics.
A digital footprint is comprised of information left behind as a result of an organization’s or individual’s online activity – it exists outside the boundaries of internal protection. Employees, suppliers and many others with access to corporate data contribute to an organization’s digital footprint on a daily basis, and they (often unknowingly) expose sensitive information in the process.
While most information in the digital footprint is benign, there is a significant portion that is not. Threat actors focus on a subset called the ‘digital shadow,’ which includes exposed personal, corporate or technical information. Usually this information is highly confidential, sensitive or proprietary. Information left exposed in the digital shadow can be embarrassing for a company and can be leveraged by attackers looking to exploit, launch ransomware or other cyberattacks.
At the same time, organizations should be mindful that cyber-attackers are leaving their own digital footprints and digital shadows behind. The Report suggests that the most effective external digital risk management strategies involve monitoring this activity in order to gain insight and plan defensive strategies.
At a basic level, the Report suggests that external digital risk management requires identifying, assessing and taking steps to mitigate risk exposed by the digital footprint. More importantly, however, external digital risk management should involve: 1) understanding cyber threats, 2) monitoring data leakage, and 3) monitoring reputational risks.
Understanding Cyber Threats
According to the Report, tailored threat intelligence capability is the key to understanding cyber threats. Such intelligence should be premised on four main areas:
- Indications and warnings;
- Actor profiles;
- Campaign profiles; and
- Emerging tools.
In order to leverage threat intelligence, organizations should adapt their approach to their particular business. Further, they should focus on who the threat actors are, what they are planning, what tools they are using, and what tools may be developed in the future. Simply receiving generic information is not enough. Involving human analysts in the process, it is suggested, will help weed out irrelevant information and ultimately deliver capable and tailored intelligence.
Monitor Data Leakage
Organizations should be vigilant about monitoring data leakage, since attackers can use leaked data to their advantage. The Report suggests focusing on sensitive code, private encryption keys, employee credentials, confidential documents, intellectual property, and social media over-sharing. These areas of data leakage leave organizations particularly vulnerable, not only to attackers who seek to leverage this information in targeted cyber-attacks, but also to competitors and corporate espionage. Knowing the type of information leaked can provide insight into how the information might be used against you in the future.
Knowing when, where and how this information has been leaked is critical to implementing effective mitigation tactics. For example, if employees are leaking sensitive confidential information through the use of personal email or social media, organizations should be aware of this so that they can implement training and disciplinary procedures to counteract the behaviour.
Monitor Reputational Damage
Finally, the Report suggests that monitoring for reputational damage is a key component of effective external digital risk management. Organizations should be aware of ways by which their goodwill and branding are being leveraged online. According to the Report, the top five risk areas include:
- Domain infringement;
- Spoofed profiles;
- Brand defamation; and
- Mobile application issues.
Being able to monitor and detect these activities can not only mitigate reputational damage, but also the negative impact on employees and customers.
In the context of cybersecurity, risk is a well-developed concept. The Report suggests that all risk management strategies should take into account external digital risks. As organizations continue to expand their global online presence and digital footprint, risk mitigation strategies must continue to evolve at the same pace.
As set out in another article recently published on The Spotlight, there are many ways to ensure your organization’s data is adequately protected in order to prevent costly data breaches. Organizations need to recognize the true scale of the cyberattacks they face, adapt to the changing landscape, and incorporate these best practices to protect their bottom line from the costs of data breaches.
*This article was co-authored by Amy Marcen-Gaudaur. She was a 2016/2017 articling student at Aird & Berlis LLP.