Digital footprints have often been seen in the context of the individual. However, at Flare, we view things in a slightly different light. As cloud adoption has risen and organizations have increasingly digitized information, the digital footprint of organizations has expanded dramatically. So let’s get the basics out of the way. What exactly is an organization’s digital footprint? At Flare, we define a company’s digital footprint as:
“The cumulative total of information about a company that is publicly available on the dark, deep and clear web.”
A company’s website, email servers, github environment, and domain, are all part of an organization’s digital footprint. But a digital footprint isn’t entirely composed of information that a company wants to be public. Exposed corporate account information found on the dark web, secrets inadvertently made public on github, and a document uploaded to pastebin containing organizational intellectual property are also part of their footprint.
Without a complete picture and understanding of what information about your company is publicly available, you will almost always be reacting to cyberattacks and malicious actors rather than proactively preventing incidents. That’s why we designed Flare, a platform that provides a unified approach that enables you to visualize and respond to potential threats on the deep, dark, and clear web.
Types of Data in your Digital Footprint
Digital footprints in business differ from personal digital footprints. Your businesses digital footprint can include:
- Your company website
- Your online social media accounts
- Employee profiles on Linkedin
But also things like:
- Stolen credentials, passwords, and account access
- Employees’ and customers’ personal information
- Externally facing open ports and services
- Intellectual property
- Source code
- Misconfigured Cloud Servers
Any other technical or business information also falls under this umbrella.
The Risks of an Unknown Digital Footprint
Without continuous monitoring and actionable threat intelligence from the dark web, attackers can easily exploit vulnerabilities in your organization that you don’t even know exist. Additionally, it becomes dramatically harder to interrupt attacks that are in process.
Traditional approaches to security that don’t involve external monitoring miss a large piece of the picture. You can have a security operations center, successfully patch vulnerabilities, appoint a CISO, practice good identity and access management hygiene, and simultaneously miss the fact that a key employee is regularly sharing confidential company information through Telegram.
Fundamentally these are all internal cybersecurity controls which are reactive in nature. Monitoring your organization’s digital footprint allows you to go beyond simply monitoring endpoints and networks, and proactively identify, disrupt, and prevent threats.
Unknown Attack Surface
One of the most significant problems with not monitoring your digital footprint is that you have no idea what your external attack surface looks like to a malicious actor. You could have misconfigured cloud servers leaving data exposed to the internet, or user accounts for sale on the dark web. In many cases you would only learn there was a problem after a malicious actor had launched a successful attack.
Myopic View of Risk
By failing to take your organization’s digital footprint into account, you are missing a large piece of the risk puzzle. Cyber risk can come from a variety of sources including phishing attacks, advanced persistent threats, third-parties, and unintentional data leaks.
However, if your cybersecurity approach is focused entirely on internal monitoring, you will often only be seeing attacks and incidents after they have occurred which will lead to a skewed view of risk. In addition, it can be far more difficult to successfully attribute the source of a data leak or cyberattack.
Data Leakage
Data leakage is unfortunately routine. Many organization’s find that as their organization expands, it can be extremely difficult to stay on top of data leaks. Part of the problem is the myriad of sources a data leak can come from. An employee could share a list of employee names and addresses with a contractor that ends up on pastebin, permissions could be improperly set on a cloud server, or a CEO could leave their laptop in an airport.
Many organizations find that they are constantly reacting to incidents, many of which are attributed to human error rather than malicious actor activity. What was at first an unintentional data leak by an employee or contractor can quickly turn into a data breach or other cyberattack when malicious actors discover the information and use it for their own ends. Monitoring an organization’s digital footprint enables security staff to proactively identify and remediate data leaks before they get worse.
Your Digital Footprint and Proactive Cybersecurity
At Flare, we focus on the concept of having a proactive approach to cybersecurity. Traditionally companies put in place their cyber policies, build a risk management function, ensure employees use endpoint protection, and monitor the network for security events and incidents. These are all good and important things to do, but they don’t provide full visibility into an organization’s internal and external environments.
Measuring and managing your digital footprint enables you to take a proactive approach to cybersecurity. Rather than finding out that a cloud server has been misconfigured or that your Git permissions are set incorrectly when you suffer a data breach, digital footprint monitoring enables you to proactively flag risks.
Even for organizations with fairly advanced security postures, it can be difficult to stay on top of cyber risks. By definition, the larger an organization is, the larger their digital footprint will be. Each additional employee and department adds an immense amount of external data. Traditionally advanced threat intelligence capabilities have only been available to large, highly mature organization’s. Flare changes that.
The Anatomy of a Cyberattack: How Understanding your Digital Footprint can Stop Attacks
First the group sets up a domain that looks almost exactly like yours. So instead of
Examplecorp.com they set up the Domain Examplec0rp.com
(The attack could be stopped here with digital footprint monitoring software that could detect lookalike domains).
Then the group makes email accounts on their new lookalike domain to mirror your corporate executives. Since your organization’s SOC is focused mostly on internal monitoring, the lookalike domain creation is totally missed.
Finally the group sends out emails to the IT and accounting departments. An IT Department head has had a long day and clicks on a file attachment he believes has come from the CEO. Malicious software is downloaded in the background on an endpoint in the IT department which then moves laterally through the network. Within hours a criminal syndicate has thousands of Examplecorp account credentials for sale on the dark web for $20 per login, paid in Bitcoin.
(The attack could also be stopped here with digital footprint monitoring software that would identify company accounts for sale on the dark web)
Another cybercriminal group purchases the account information. They then identify individual employees, find their personal email addresses online, and begin attempting to log-in to online bank accounts using the personal emails and employee passwords. Since many employees re-used their work passwords, several have thousands of dollars wired out of bank accounts.
So far the IT and cybersecurity departments at ExampleCorp still have no idea that anything is wrong. Next the malicious group logs into the CFO’s account and sends instructions to the accounting department to wire a six-figure sum to a “new vendor”, they log into IT accounts and send links to the product team containing ransomware.
Within hours, Examplecorp has lost hundreds of thousands of dollars, users are locked out of critical systems, and the company has to publicly disclose a data breach with the attendant loss of reputational standing in the market.
Flare Offers Comprehensive Digital Footprint Software
Many organizations struggle to develop a coherent approach to monitoring their external attack surface. Identifying secrets and confidential information leakage across multiple platforms can be extraordinarily challenging. Before using Flare, our client’s often find they have to split time between:
- Source Code repositories
- Dark Web Forums
- Dark Web Marketplaces
- The Deep Web
- Pastebin
- Other anonymous file sharing sites
The difficulty is compounded when one takes into account that many dark web marketplaces are password protected or require a form of authentication to join.
Flare’s platform focuses on performing continuous monitoring of critical external environments in order to provide in-depth reporting and contextualization for data across numerous platforms and domains. Understanding your organization’s digital footprint can enable you to disrupt the lifecycle of cyberattack at numerous points, and adds an additional layer of practical monitoring to your current security architecture.
If you’re interested in participating in a webinar that can help you discover your digital footprint, click here, and join Flare’s CPO Yohan Trépanier Montpetit in his presentation on the topic.
Already convinced? Or just curious to see how the platform performs in your hands? Book a walkthrough with Flare to see how we can help you map your digital footprint.
