Last updated at Tue, 24 May 2022 19:00:14 GMT
A few weeks ago, I posted a blog about digital footprints and how cybercriminals use them in their attacks. This is a key challenge for almost every organization, yet most don’t have tools in place to monitor and track their digital footprint. This means their attack surface is growing with no way to monitor how hackers may be targeting them.
Hackers perform reconnaissance on their targets before launching an attack to identify the weak points and maximize their chance of success. To protect yourself from new hacker tactics and attack vectors, you need to view your organization like an attacker would.
Here are five ways to reduce your company's digital footprint and minimize your chance of a successful attack.
1. Employee Education: Employees are a critical component of your cybersecurity protection, and are often the weakest link in the chain. There's no replacement for employee cybersecurity education. Training your team on how hackers use digital footprints to figure out credentials will help them understand how to create safer logins. For example, teach them to not use any personally identifiable information or publicly accessible information as their username/password/key to company systems. Additionally, identify key employees with access to the most sensitive systems, and invest even more on educating them to further protect these critical systems.
2. Company Policies: Set policies that force employees to refrain from using any PII for authentication to sensitive systems. Do not use birth dates, social security numbers (SSNs), or security questions that can be easily guessed from a short search on google (the name of your high school, or your mother’s maiden name). It may be harder for employees to use a unique set of credentials just for work, but it makes it exponentially harder for a hacker to guess or social engineer these credentials out of users. If it takes a hacker too long to figure out login credentials, they will likely give up and try a different company. There are plenty of weak targets out there!
3. Use Search Engines to Begin Mapping Your Digital Footprint: To know where your weak points are, you need to understand your complete digital footprint and view your organization as a hacker would. Go on Google, search for your company brand and assets, and examine how the public sees your critical infrastructure and VIP assets. You’ll be surprised at how much information is already out there. With basic search techniques, you can start to map the Internet presence of a company in just a couple of hours.
For individuals, search for data that only you know, and that an attacker will want to discover: SSNs, full names, names and current addresses, etc. For companies, search for potential assets, internal IP addresses, and unique server names. Check for access to internal pages and servers from outside the company’s physical network.
4. Take Down Non-Related or Outdated Assets: Part of your search engine research process should include marking and taking down any non-related, outdated or outright malicious data, website, repository or article that you find. To do this, contact the hosting parties, request them to remove the content from the site, or alert Google of malicious links to be removed.
5. Use a Digital Risk Protection (DRP) Solution: If you really want to get serious about reducing your digital footprint, you need to implement a DRP solution. According to Forrester Research, these solutions "offer rapid event detection and remediation capabilities so companies can fix issues before bad actors exploit them (e.g., sensitive data publicly exposed due to misconfigured Amazon S3 buckets, impersonated social media accounts, or phishing websites) and to limit the effects of successful attacks when they occur."
DRP solutions also enable you to search the deep and dark web for any leaked credentials or key company assets that could already be compromised. This will help you proactively protect against unauthorized access by locking down these credentials before they’re used in an attack.
NEVER MISS A BLOG
Get the latest stories, expertise, and news about security today.Subscribe