The demand for Digital Risk Protection (DRP) is on the rise as cybercriminals are increasingly targeting businesses on channels outside the corporate firewall. According to Frost & Sullivan’s 2022 Frost Radar Global DRP Report, the traditional security perimeter has changed, and unlike phishing attacks that can be managed and mitigated through internal controls, these threats live on spaces not typically monitored by legacy security solutions. While larger industries are experiencing the brunt of malicious activity, threat actors are capitalizing on the unlimited and unchecked spaces throughout the attack surface to target industries previously lacking in the resources needed to protect their digital assets.
In this piece, we use insights from the Frost Radar Report to discuss why DRP platforms are becoming a priority for businesses and best practices to implementing a DRP strategy that all organizations can apply.
Unlimited Attack Surface
According to the report, the dynamic nature of the threat landscape and the vast number of resources it takes to monitor, analyze, and mitigate phishing attempts make it impossible for organizations to protect their external attack surface without the help of a designated DRP platform. Getting started with DRP means implementing scalable processes that will aid in the collection of online threats wherever abuse may occur. It also means the constant fine-tuning of curated analyses that will support complete mitigation. Security playbooks solely focused on threats targeting the corporate firewall will fail to address external threats.
The increased use of external channels and platforms by businesses for brand-building has led to a vast online environment where digital assets are vulnerable to impersonation and abuse. There is no defined space where abuse may occur, and a lack of understanding around what assets exist and where they might be exposed can lead to financial loss and brand disruption. Because of this, there are a wide range of use cases that apply to DRP, and it is essential security teams know which apply to their organization.
DRP use cases include, but are not limited to:
- Domain Monitoring
- Social Media Protection
- Brand Protection
- Account Takeover Protection
- Data Leak Protection
- Executive Protection
Collection
Attack volume and targets across external spaces has changed significantly in the post-pandemic world. According to Fortra’s analysts, attacks targeting businesses on social media have increased nearly 60% since the beginning of 2021. Response-based email phishing attacks, once led by costly business email compromise and advance-fee email scams, have been surpassed in volume by hybrid vishing attacks that incorporate mobile devices into traditional phishing campaigns. Even the makeup of victims on the Dark Web have shifted, with compromised data tied to smaller institutions such as Credit Unions showing a steady increase in volume. Underground incidents associated with Credit Unions have increased every quarter for five consecutive quarters.
Because of the broad scope of where digital assets may live, one of the greatest challenges to implementing DRP is collecting sufficient intelligence. Threats may live on multiple channels, with attacks incorporating more than one device. Frost Global Security Research Team advises DRP platforms should be capable of monitoring a wide range of resources including:
- Surface Web
- Dark Web
- Social Channels
- Blogs
- Data Feeds
- 3rd Party Feeds
In order to detect threatening behavior, security teams should continuously source intelligence from these channels and more, if applicable. Collection can be a vast undertaking and should include a combination of human and machine, automating processes whenever possible. Methods of collection should include free and paid data feeds, third parties, pivoting, anti-evasion, and more.
Curation
According to the Frost Radar Report, a key component to implementing DRP is the ability to convert raw data into tangible insights that are linked to an organization's external digital footprint. A significant portion of this is the human analysis of potential threats. With efficient curation, security teams will directly limit the lifespan of a threat. Ultimately, the greater volume of evidence proving malicious behavior, the higher likelihood a threat will be removed in a timely manner.
This process can be both challenging and time-consuming if an organization is gathering a high volume of data through their collection methods. In order to ease that burden, curation should include a combination of both expert human review and technology. Risk-scoring algorithms should be used to aid in the processing of data and remove false positives. Analysts should then validate those results, add context, and proceed with actioning the threat.
Mitigation
The purpose of a DRP program is to mitigate threatening materials quickly. Different threat types demand different approaches, and rapid, thorough curation is critical to achieving effective mitigation.
Mitigation should focus on three objectives:
- Removing the threat in entirety from the infrastructure it lives on
- Blocking access to the threat
- Integration with internal security controls
Because there is no set process to mitigating external threats, security teams should be prepared to move forward with multiple approaches including incorporating takedown APIs, killswitch integrations, and browser-blocking. The odds of a successful mitigation are significantly increased through communication with network providers. Nurturing those relationships will enhance a security team’s ability to have threats removed in a timely manner.
Frost analysts note that as organizations conduct more virtual interactions on unconventional channels, the risk of phishing attacks that impersonate their brand or executive has increased significantly. These attacks are more frequently occurring outside the protection of corporate firewalls, making it difficult for security teams to mitigate threats through legacy solutions. In order to find and stop these threats before a brands integrity is compromised, DRP solutions that incorporate robust collection, curation, and mitigation strategies should be adopted. Download the 2022 Frost Radar Report to read more about DRP solutions.
Interested in learning more about PhishLabs’s DRP Platform? Schedule a demo.
