Digital Risk Protection
DIGITAL RISK PROTECTION (DRP) DEFINED
The process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks.
Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.
Categories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander), and physical (physical threats, natural disasters).
Due to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.
What is digital risk?
Digital risks can take many forms. Most fundamentally, what makes a risk digital? A digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.
The Forrester Wave: Digital Risk Protection, Q3 2018, named ZeroFOX a Leader. According to the report, “ZeroFOX leads the pack in social media protection and digital risk analytics. Its coverage of social channels and intelligence stands out because of its ability to protect individual social accounts and analyze unique behavioral risk indicators.”
DIGITAL RISKS CAN BE BROKEN DOWN INTO THREE CATEGORIES:
RevenueCustomer targeted scams
Fake coupons and promos
BrandBrand or executive
Slander and abuse
Leaked sensitive information
Cyber attack planning
|Risk Actor Advantages||Target Organization Challenges|
|Social media’s ease of use and universal access lowers the technical barriers for cyber criminals. Multiple fraudulent accounts and cyber attacks can be created and launched more rapidly than ever before.||Organizations struggle to grapple with dynamic, ever-changing social media landscape. New threats must be identified rapidly and data must be ingested and analyzed in near real time.|
|Scammers can leverage hashtags or piggyback on existing popular accounts to target their scam and rapidly propagate an attack to millions of potential victims.||The scale and cross-network nature of social makes it extremely difficult to monitor manually. Automated tools must be able to grapple with terabytes of data.|
|Employees of organizations can unintentionally become risk actors by posting inappropriate or non-compliant content. On such an extremely public venue, the costs can be devastating.||Organizations struggle to react to risks immediately, before they spread across the social and digital web.|
|Risk actors, whether acting intentionally or unintentionally, enjoy near complete anonymity in the social media world.||Because these channels are unowned and exist outside an organizations technical jurisdiction, visibility is effectively non- existent, making identifying and remediating risks and risk actors a herculean task.|
WHAT ARE THE DAMAGES AND COSTSJust as digital risks themselves take many forms, so too do the costs associated with them. They also span the gambit on which area of the organization business they might impact. Consider these case studies:
- A piece of malware sent via direct message on LinkedIn, could result in millions of dollars in data breach remediation.
- A pirating ring run at scale and advertised on Twitter can impact the bottom line of major media, retail or CPG organizations.
- Fake brand accounts or customer support impersonations on Facebook damage the brand, which although more difficult to measure, can have devastating costs to a organization business in the long term.
- A financial scam on Instagram that costs a bank $300 per successful scam adds up quickly when multiplied by rate of success over time, number of other scammers, other networks and other types of scams.
The cost of digital risks to organizations is largely unmonitored and unrecognized. Once organizations start to identify social and digital risks, they begin to recognize their growing frequency, their impact and, ultimately, their costs.
HOW ARE DIGITAL RISKS MONITORED AND REMEDIATED?
Digital Risk Protection solutions, like the ZeroFOX Platform, ingest data from the social networks and web, analyze it and alert for malicious activity, and work on behalf of the customer to remediate issues to and remove risks.
Solutions must aggregated data from a diversity of sources to provide comprehensive, contextualized analysis.
Solutions must keep up with the speed and dynamism of social media and digital channels but constantly ingesting fresh data for analysis.
With vast volumes of data being ingested, solutions must be highly flexible and customizable, allowing customers to fine-tune their analysis for very specific use cases.
Solutions are only truly valuable if they can go beyond alerting and work with the channel or network to get the risk remediated.