Businesses are accelerating their digital transformation, seeking to leverage their online presence to enrich products, deepen customer relationships, and boost their brand ecosystems.
However, with this rapid growth comes difficulty. As organizations expand into digital channels, their digital footprint, i.e., all their external-facing assets including websites, email servers, social landing pages, and pages created outside proper protocol, also expands to potentially unmanageable proportions.
Cyber adversaries are taking advantage of this sprawling new external-facing attack surface, which is nearly impossible to identify and defend without an internet-scale view of it beyond the corporate firewall. In fact, according to the 2017 Verizon Data Breach and Incident Report, more than three-quarters of the incidents that lead to data breaches originate externally.
My team and I set out to better understand the scope of this problem and conducted a recent survey and look at how well-prepared security teams across global industries are regarding their controls, processes, and investment. Overall, the survey's findings revealed a bleak outlook of organizations' digital defense posture, with many finding themselves overwhelmed by the scale and tenacity of modern digital threats while lacking confidence in the ability of their processes, systems, and tools to address them.
The results show that as cybercriminals are becoming more capable and organized, businesses are recognizing that external digital threats are a real and present danger. One in six organizations had five or more significant security incidents in the past 12 months, a fact that's consistent with our findings from previous reports, which show a rise in phishing and malvertising incidents and mobile threats related to adware and banking Trojans. Also, over half cited frequency and severe impact of malware, phishing, domain infringement, scams, and rogue mobile and brand abuse.
As a result of this onslaught of external threats, almost half of the survey respondents plan to increase digital defense investment by up to 25 percent in the coming year. However, increasing operational complexity has affected security capacity, and despite this increased spend, nearly the same number of respondents perceive prevention, identification, diagnosis, and remediation of digital threats as more challenging than two years ago.
With more money and fewer results, we now live in a world where, despite pouring more money into it than ever, most security professionals lack confidence in reducing and protecting their digital attack surface. This contradiction in efficacy and investment compared to where incidents have been most impactful is a fact that can prove costly—especially as regulatory bodies begin to crack down.
One issue causing this gap is the fact that digital threats and exposures—those originating outside the firewall—are harder to discover, validate, assess, and remediate than traditional threats. Security incidents are often related to assets, from vulnerable web components and apps, rogue mobile apps, and social profiles, to domain abuse, affiliate sites, and malvertising, that are not easily visible, known, or under control of IT—if even owned by the company. More so, new and evolving privacy governance rules, such as GDPR, require added digital due diligence.
While external threat management is a relatively new discipline for many information security teams, its importance in today's digital age can't be underestimated. For cybersecurity to keep up with digital transformation, an organization's external threat management strategy needs to account for:
Knowing the internet: To fully know one's digital footprint requires constantly scanning the entire internet and experiencing it as a real user. The best tools scan and interact with each of the billions of web pages, tweets, Facebook pages and other public-facing content associated with a brand.
Having comprehensive intelligence: Being able to automatically connect the dots for analysts, giving each staff member a higher level of understanding by linking internal events with related external attackers, infrastructure, and exploits.
Having a unified toolset: Consolidating and standardizing tools so that each team has an efficient and automated way to link internal controls, asset management, threat detection, incident response, and active monitoring.
Boosting efficiency and interoperability: Minimizing time to detection and time to response by eliminating rework and providing continuous visibility. Each action taken by a security team should inform the next, and tools must be able to follow the processes and link the activities required to discover your attack surface, detect threats, mitigate them, and ensure they don't reappear.
Today's digital threat landscape brings a host of new challenges, requiring organizations to adopt a new and different approach to responding to external threats. Organizations must still account for investments in layered defenses to protect users, systems, and data behind their perimeter, but having access to robust cyber threat intelligence and an integrated toolset will enable a reduction in the time to respond to threats. It will also enable interoperability between digital threat intelligence tools and existing internal security tools, which is key to ensuring a strong approach to strengthening enterprise digital defenses.
While research on the level of preparedness to defend against modern digital threats is both eye-opening—and a little disturbing, I'm encouraged that organizations now realize they may lack the tools necessary to defend themselves in this new era of cyber security. As it stands, most security teams lack confidence in their ability to identify, proactively monitor, and automatically respond to external threats. However, corporate leadership and IT security professionals should feel empowered to examine how their organizations are protecting their businesses and validate the need for discovery, monitoring, and investigation capabilities.