Today’s marketing organization uses countless SaaS-based tools and platforms that live outside of an organization’s network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don’t join the latest social media platform, in most cases there are not proper security systems in place to ensure a person or brand is even verified. They just can’t scale with pesky things like security and privacy controls in place.
Due to these limitations it is almost entirely up to each organization to gain a full understanding of their digital footprint and to monitor it as it grows. This week we’re going to take a look at some of the more common digital risks that can occur across the open, deep, and dark web, with a dash of mobile and social thrown in for good measure.
Spoofing and Impersonation
You wake up to a text message alert on your phone: “Why is Jack, our CFO, posting rude messages to our customers on Twitter?”
But wait, Jack doesn’t have an account. It’s not uncommon, it only takes a few minutes, but spoofing and impersonation of people and executives happen on a daily basis. In some cases these are designed to just be parodies, in other cases they are designed to mislead a target audience. The same thing can be done with misspelled domain names and copycat mobile apps. These fake assets mislead people, can damage a brand, and result in data breaches or loss of PII.
In most cases a marketing team, ones that commonly uses the same digital tools that threat actors abuse, are not prepared to monitor for or respond to these digital risks. In these cases both marketing teams and security teams need to work together to monitor for and take down these potential risks. This may not be a common duo today, but as enterprise organization’s digital footprints continue to expand, it will be.
What to monitor for: fake accounts posing as a brand/executive, domain names, mobile apps
Employees are often left to blame for a lot of data exposure situations, but when trained, they can be one of the most important component to a security vigilant organization. A well tuned marketing organization, in addition to other employees, can often spot potential data leaks out on the web or prevent them from occurring. With a quick Google search you can find hundreds of cases where someone accidentally uploaded private credentials to github, so much so that they created a doc with instructions on how to reverse it.
These things certainly do happen, but a marketing team is unlikely to be the ones to find it. Instead, security teams need to log where each tentacle of an organization's digital footprint has spread and monitor for potential issues there. In the same, a marketing team likely won’t be exploring the dark web as part of their brand monitoring efforts, which leaves the security team to be vigilant there for offers to sell company or customer data.
What to monitor for: brand mentions, executives, code bases, bin sites.
The majority of phishing attacks are still delivered through email; however, in this year’s Phishing Trends and Analysis report we identified a growing number of attacks being delivered through social media. That means those tweets and messages a brand team may ignore can actually contain a malicious link that one of their customers may incidentally click on, provide their credentials to, and later cause headaches to both the user and brand.
Security teams need to monitor for malicious links that abuse their organization’s logo, name, and brand or products as a result. These can be housed on forums, social media, and anywhere that customers typically go on the web. Unfortunately most marketing-based or SaaS monitoring solutions also produce more brand-driven rather than security-driven results, which means you’ll also be wading through quite a bit of white noise.
What to monitor for: emails for phishing attacks, deep/dark/open web for planned attacks, malware configs.