The Evolving Cyber Threat Environment: Why Your Business Needs External Monitoring

Posted by Greg Mancusi-Ungaro

Thu, Feb 11, 2016

Regardless of industry or market, CISOs are facing new classes of attackers, from sophisticated teams of hackers who want to obtain an enterprise’s lucrative customer data to activists who want to ruin a company’s reputation and fraudsters who imitate a brand for financial gain. Cybercrime has become organized crime and criminals are finding new ways to harm businesses and individuals on a daily basis.

Without being alarmist, depending on the size and notoriety of your company, it's not unreasonable to assume that while you are reading this, someone is working to pry private, sensitive data from your servers. CISOs must stay ahead of the curve to combat the rapidly evolving cyber threats that have resulted from an increasingly global and digital business landscape.

The Necessity of Regulatory Compliance

In addition to general security regulation put forth by governmental agencies in North America, certain industries have other regulatory bodies with which they must comply. For example, financial institutions in the U.S. must comply with FDIC and FFIEC regulations to help ensure the integrity of communications and online activity. On a global scale, foreign financial institutions with a large presence in the U.S. subject to those same U.S. regulations. However, compliance initiatives are not usually sufficient to stem security concerns.

To better understand potential security gaps, especially in regards to cyber threats beyond the perimeter, many enterprises have joined their industry’s ISAC organization, such as FS-ISAC, the premier security working group for financial services industry. Through organizations like this, and emerging ISACs and ISAOs, institutions and enterprises are able to pool knowledge and plan for the latest kinds of cyber threats, and implement robust threat detection architectures, controls and information sharing programs.

But even as organizations develop and implement strategies for staying ahead of the cybercriminals, they have been unable to solve their security problems – particularly when relying solely on in-house resources. Because of the massive costs and resource requirements necessary to build a team to detect and manage outside threats, outsourcing a portion of cyber security has become the norm for most companies.

Ensuring Security Beyond the Perimeter

A large North American firm with a global presence recently worked with BrandProtect to estimate the costs of protecting the firm (employees, assets, partners, reputation) from third party cyberattacks and brand abuse through a wholly in-house effort. It determined that it would have to assemble a team of at least six people and invest between $2 to $3 million annually to create coverage that at best would only attain a small fraction of the coverage that it enjoyed through its partnership with a security firm – in this case, BrandProtect.

A strong partnership with a security services provider effectively adds highly trained, deeply experienced cyber threat specialists to a firm’s existing security team without the need for additional training or technology investments. From phishing scams and domain abuse to mobile application fraud and sophisticated identity theft schemes, a dedicated managed service can provide multiple layers of threat detection, analysis, threat correlation, and threat mitigation. All day, every day, these services will patrol online sites and markets to discover and understand any threats to a business and unauthorized or infringing online content related to the firm or its employees.

An increased use of technology across all business models has led to more threat vectors than ever before, as attackers have exploited gaps formed by business being transacted digitally and employees having access to an organization’s data outside of its walls. As a result, cyber threats are moving beyond the traditional security perimeter, which is making it harder for organizations to detect potential attacks using existing perimeter-focused tools. Without the proper preparations, such as implementing holistic external monitoring and collaborating with security experts, organizations will struggle to detect and diffuse online threats. Forward-thinking CISOs are already adopting external monitoring to better protect their organizations, and that number will increase throughout 2016.

Will you be ready?

Read More

Topics: Security, internet security, cyber threats, CISO, InfoSec

Why Social Media Risk Planning is Necessary for Brand Image

Posted by Natalie Gleba

Fri, Jul 11, 2014

It is no surprise that 84% of businesses have now adopted social media to implement an online presence to communicate with customers and overall, increase their brand reach [1]. Whether a small independent business or a large B2B company, it is more evident than ever that businesses who do not build and maintain an online social media presence will get left behind, and evidently lack competitiveness. Having a social media presence offers clear advantages for marketing and sales departments, however, with this comes the disadvantage of having increased social media risks that could potentially harm the company’s brand. Therefore, it is extremely important that businesses adopt a Social Media Risk Plan to manage their reputation online and know how to mitigate potential threats.

Read More

Topics: Brand Protection, risk management, defamatory, brand abuse, online brand protection, Reputation Management, Social Media Monitoring, employees social media, online identity, social media, Internet Threats, Risk, internet security, cyber threats

Top 5 Social Risk Strategies for Financial Institutions for 2014

Posted by Shanna Gordon

Fri, Feb 28, 2014

As the social media ecosystem continues to evolve on a daily basis, so do the risks to your brand and reputation. Monitoring social media for risk is a no-brainer these days, but there are other channels you need to be looking at to ensure you are covering all your bases.  

Read More

Topics: Brand Protection, risk management, online brand protection, Internet Threats, Risk, internet security

Security Risks: The Real Threat Could Be Internal

Posted by Sarah Connor

Fri, Jan 17, 2014

So your company’s computer system has just been compromised. It must have been those nasty hackers, wreaking havoc by targeting your business. But maybe not.

Read More

Topics: risk management, Reputation Management, Risk, internet security

Online Resilience: Defining the future of brand protection

Posted by Omri Benhaim

Mon, Jul 22, 2013

You have survived the first half of 2013 while only being hacked 2 times had 3 malware scares, 1 imposter twitter account and a phishing incident. For many of us individual users as well as companies large and small this is the reality of working, playing and socializing on the internet. These turbulent times are a mere glimpse into the future of what is to come and we must ensure that we are proactive, reactive and above all resilient to these threats. But what are these threats and what does the future hold?

Read More

Topics: Malware, Brand Protection, Phishing, cybercrime, internet security, mobile malware

Internet Security Brings Out The Best Of Us

Posted by Dylan Sachs

Fri, Mar 01, 2013

Last week, I had the privilege of attending the Microsoft-run Digital Crimes Consortium Conference (DCC 2013), held this year in lovely Barcelona, Spain.  Unlike many of these “internet security” conferences, Microsoft did a great job pulling in the actual techs responsible for the fantastic work we are doing as a community, as opposed to middle- or upper-management who simply present the work done by others.

Read More

Topics: Brand Protection, cybercrime, internet security, microsoft

Internet Reputation Management Guidelines Series: Why you should prepare

Posted by Adriana Tayraco

Mon, Jan 07, 2013

Internet-based brand fraud, defamation and identity theft are relatively new additions to business risk for most organizations. The conventional view is that damaging activities, such as identity theft attacks, became a legitimate concern to law enforcement agencies and enterprise risk managers as recently as 2003. During this time, corporate information technology departments were focused on building firewalls to secure their internal information systems, customer databases and e-mail systems. 

Read More

Topics: Brand Protection, Reputation Management, brandprotect, internet security

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

  Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all