The events of 2020 have accelerated most organization’s digital-first operational strategy, forcing security teams to speed digital transformation initiatives to ensure collaboration and productivity among remote workers. This is necessary, not only for efficient online customer engagement, but to further streamline partner ecosystems and supply chains. However, this new digital-first world also provides adversaries with new opportunities to attack businesses and consumers, catalyzing the need for innovative threat intelligence and risk management tactics — in essence, organizations need a new type of protector: digital risk protection services.
Digital Risk Protection (DRP) services are needed alongside threat intelligence programs to protect public platforms, like social media channels and websites, from malicious activity. This includes mapping an organization’s digital footprint, monitoring for abnormal activity, mitigating credible threats and managing ongoing security efforts. The emergence of this solution category is a direct result of the influx of threats flourishing on public platforms, and a general lack of critical resources organizations are able to allocate to remediation on public applications.
As a leader in this new category of security, ZeroFox has made significant innovations over the past several months to map, monitor, mitigate and manage credible threats to brands and executives online. Let’s take a look at how the threat landscape has changed and how innovative solutions in the DRP space are most equipped to mitigate digital threats.
The Emergence of the DRPS Category
The world’s leading research and advisory company, Gartner, recently reported digital risk protection services as a solution category (Gartner subscription required) and projected that, “By 2025, the target audience for digital risk protection services (DRPS) will increase to 10%, up from 1% today.”* The report goes on to say that, “The increasing interest in DRPS has been driven by DRPS ability to support a broad range of use cases and roles…Demand for DRPS has also been driven by the accessibility of such an offering for those small and midsize enterprises that originally could not benefit from TI services due to lack of specialized skills and resources on security. This is because of the less technical and more accessible nature of the intelligence made available by many DRPS providers.”*
The emergence of the new DRPS solution category comes at just the right time. During the first half 2020, ZeroFox saw a 95% increase in executive-related threat activity over the prior six month period. Considering that there are roughly 317,000 status updates, 400 new users, 147,000 photos uploaded, and 54,000 shared links every 60 seconds on Facebook alone, it’s impossible for security teams to successfully identify new threats on public applications through manual efforts (Source: Omnicore Agency). If an organization is lucky enough to identify emerging threats on social media in particular, the remediation efforts gobble up time and resources that practitioners are often short on.
The level of content that is shared on public avenues, like social media channels, websites, email, mobile apps and more creates a ripe area for adversaries to slip through the cracks. The public nature of these threats make them formidable opponents to a security team’s efforts. That’s why industry leaders are defining DRPS providers as top companies for 2020 and beyond. The value that a DRPS provides to a security team to protect their organization’s information and reputation is unmatched.
Digital Risk Protection Thwarts Modern Adversaries
2020 has brought an onslaught of new challenges online. Threat actors are using familiar tactics, like phishing attempts and account hijacking, combined with newer tactics such as multi-vector attacks (orchestrated simultaneous attacks across multiple digital channels such as email, web, and social media) to reap larger rewards in the digital ecosystem.
On social media specifically, the pandemic has led to a rise of misinformation across platforms, highlighting the need for new levels of protection. For example, in the chaos of the pandemic, millions have sought face masks and other CDC recommended products to stay safe. Threat actors capitalized on this by “selling” face masks through marketplaces, like Facebook marketplace, in order to capture personally identifiable information (PII) and credit card information and never deliver the products purchased.
Security teams that have DRP services in place have been well-equipped to quickly identify impersonated accounts on the digital space and take down ads for counterfeit goods without overextending their own resources. Agile DRP services can also smooth peak demand periods. For instance, ZeroFox recorded a major spike in COVID-related threat activity and allocated additional resources to ensure that our OnWatchTM managed services team were able to effectively triage alerts and remediate threats for customers despite a significant increase in volume.
ZeroFox’s Commitment to DRP
DRPS is no longer regarded as a “nice to have” software, but rather a critical component of your security defenses. In fact, proposed NIST revisions regard social media and website protection as well as threat intelligence as a required component of a government security team’s techstack. With the addition of managed services and account management representatives, practitioners using DRP will feel more confident that their security is being taken seriously and their organization is protected.
With ZeroFox, DRP service is not a standalone product. ZeroFox customers receive global threat intelligence from Alpha Team experts to discover emerging threats online — for example, early on in the pandemic the team identified a surge in threat activity and phishing kit development. With new advanced threat intelligence offers, like custom threat analysis, ZeroFox users have the tools they need to proactively address threats targeting their organization.
As a newly appointed “Technology Pioneer” within the World Economic Forum, we’re inspired to continue to make waves in the digital risk protection space to ensure our customers are protected. As part of our commitment to innovation, we’re proud to unveil a new website that prioritizes our threat research and digital risk protection best practices.
Interested in learning more about ZeroFox’s DRP services? Check out ZeroFox’s digital risk protection resource page here.
*Gartner, Emerging Technologies: Critical Insights in Digital Risk Protection Services, Ruggero Contu, Elizabeth Kim, 2 July 2020