Fortra's Managing Director for Fortra’s Digital Risk and Email Protection, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One key reason to create such a plan is that, in today’s world, an enterprise organization’s digital footprint is vast and constantly expanding.
Consider, for example, the average employee who receives around 90 emails daily and sends about 40 in return. Now think about the social media team and other employees-every minute, X (formerly Twitter) alone sees approximately 350,000 new tweets. The immense volume of activity creates a significant amount of white noise, making it challenging to identify potential risks that could impact the business. According to Hudgins, while most of this data is harmless, the sheer volume of benign information can itself create problems.
To that end, he provided the following tips for better detection and collection of digital risks, which will minimize white noise and allow teams to focus only on priority issues:
Ensure Sufficient Threat Vector Coverage for Your Digital Footprint
Does your marketing team monitor social media? This is a common situation, but typically they are not trained to spot or even handle digital risks. Risks such as spoofing to doxing can impact a brands reputation. Organizations need a process in place to escalate these kinds of risks to a security team.
Balance Source Data Scale and Fidelity
Every security team has limits around how much data they can process and respond to. Teams simply need to be realistic in how much effort they can expend on data analysis.
Go on the Offensive with Proactive Detection
Digital risks can be monitored passively but preventing them requires a proactive approach. By identifying new phishing domains as soon as they appear or detecting data being sold on the dark web early, a team can be better prepared to mitigate their potential impact.
Leverage Both People and Technology
People are flawed. Technology is flawed. Together, they create a complex system where each can compensate for the other's weaknesses. By building an experienced team of security professionals and equipping them with the right tools, digital risks can be more effectively mitigated.
Constantly Monitor Threats for Changes in Tactics
In the past, we've highlighted how threat actors take proactive measures to hide their footsteps. This is becoming more frequent, and because of these blocking techniques, it can be more challenging to detect and collect phishing threats. However, there are ways around these techniques, and building these into the collection process are now necessary.
The Least Visibility
Phishing threats continue to be one of the largest forms of digital risks for enterprise organizations. It should come as no surprise that when we asked X users what threats they had the least visibility into that phishing (34%) topped the list. However, coming in a close second is social media (30%), which has become a necessary component for most modern enterprises. Both mobile and domain name-related risks tied for the number three spot.
The Biggest Digital Risks
In addition to asking organizations about the areas where they have the least visibility, we sought to identify the biggest social media-related risk facing their teams. According to the promoted X poll, doxing stands out as the most prevalent concern by a wide margin.
Doxing is of course when someone or a group of people share private information (PII) about a person or organization with malicious intent. For enterprise organizations, this can be a particularly nasty situation for executives. In second, but at a significantly smaller share of the pie, people also said that employee use of social media was also a concern.