Social media and the web have made it easier than ever for businesses to find and engage customers. But these digital tools have also opened pathways for attackers to find and engage your employees, partners and customers.
The risks are wide ranging. In some cases, attackers register fake “look alike” web domains to impersonate your brand and host phishing pages. Or they create fake social accounts and pose as customer service to gain access to your customers’ confidential information. Social account hacks are an infamous PR nightmare that nobody wants to clean up. And tools and templates for launching many of these attacks are easily obtained on the darknet, making the barrier to entry quite low.
A comprehensive security program includes a solution for finding and responding to these digital risks. With the right tool, you can give your customers a great digital experience without exposing your business to unfettered risk.
Every digital risk solution is a little different. Here are three things to consider when evaluating your options:
First, look at data sources.
Some solutions focus on finding threats on a specific channel, such as social media. Others scan an array of channels to provide protection across your digital footprint. There’s no “right” answer. But consider this: even on channels where your business does not have an official presence, like the darknet, bad actors can defraud your brand and customers or plan attacks on your personnel and infrastructure.
Data quality is important, too.
For example, for domain or darknet threats, evaluate the size of each solution’s database, what types of information it includes, and how often it is updated. For social media, ask whether the vendor uses open APIs or a licensed data source. Open APIs tend to limit the amount of data a vendor can collect.
One reason you may want to opt for a digital risk solution with broad coverage: these products often integrate data between sources to help develop the full picture of a threat. For example, this could include telling you whether a suspicious domain is sending email or if it is appearing in URLs on social media. With this context, you can better prioritize your response.
The next question is what the solution does with that data.
In other words, what threats does the solution glean from its data sources? Here are some common examples:
- Brand Impersonation (social and domains)
- Executive impersonation (social)
- Social account hacks
- Malicious social content
- Phishing domains
- Domains selling counterfeit goods
- Leaked data
You may not be concerned about every one of these risks. If you’re a financial services firm, for example, you’re probably going to care a lot about phishing pages or brand impersonation on social. If you’re a trucking and logistics company, you’re probably more concerned with threat actors registering fake domains to send write transfer requests to your partners or supply chain.
Document the risks that matter most for your business and use that as your guide.
Digital threat intelligence can quickly turn into noise if data is not classified accurately. So, a solution is only as good as its ability to weed out false positives. For example:
- Is that lookalike domain simply a trademark violation by a well-intentioned fan? Or is it a phishing page targeting your customers?
- Is that Twitter post about a demonstration at your headquarters a sales rep promoting his next webinar? Or is it an impending protest that may disrupt your operations?
Simply looking for keywords within data is not enough. Some solutions reduce false positives with advanced technology such as natural language processing and machine learning. These solutions will analyze the context of potential threats, not just the content, and surface relevant information to your team.
Other solutions use humans to analyze the context of threats and reduce false positives. This can produce a very high level of accuracy. But human analysis is costly and hard to scale.
Robust digital risk solutions don’t just find threats. They give you the tools to respond to them.
This could mean taking down a fake social account or domain. It could also mean responding rapidly to attacks on the digital properties that you own, like social media accounts.
Social media threats can easily go undetected. It’s not always obvious when someone posts a malicious link in a comment on one of your posts, especially if you regularly get hundreds or thousands of comments. And you won’t necessarily know if someone logs into your account using stolen credentials. By the time you find out, the damage could be significant.
Fortunately, technology can find and respond to anomalies much faster than any human. Some digital risk solutions will monitor your accounts, learn your normal behaviors, and respond when they detect something out of the ordinary. This could include:
- Locking down an account upon signs of a takeover
- Removing malicious content from comments and replies
- Blocking commenters that spam your posts
Most Digital Risk solutions also enable you to pursue takedowns of domains and social accounts impersonating your business or key personnel. This can be a lengthy and time-consuming process, sometimes involving lawyers and courts.
To maximize your efficiency, look for solutions that make it easy for you to launch the process and attach all the evidence you need directly from their platform. Some digital risk solutions also provide options for limiting access to malicious domains while the takedown process unfolds. And consider how well each solution fits into your existing security infrastructure such as your firewall or email gateway.
The right solution will fit seamlessly into your ecosystem and give you peace of mind, without creating extra noise for your team. Proofpoint Digital Risk Protection enables businesses to identify and respond to threats targeting their employees, customers, and partners on digital channels, including web domains, social media and the darknet. Click here to learn more.
Subscribe to the Proofpoint Blog