As we enter a new era of interconnected cybersecurity threats, companies and organizations would be wise to overhaul their entire view of the online landscape in order to be fully prepared, writes Karl Swannie, Founder of Echosec.
By Karl Swannie, Founder, Echosec Systems
The coronavirus pandemic has forced rapid change across every level of an enterprise, and cybersecurity is no exception. Security teams have quickly learned that real-world events and online risk are highly interconnected.
As digital risk diversifies, cybersecurity has also become more relevant across many business roles, not just IT. It not only encompasses organized cybercrime but also cyber-enabled threats such as targeted misinformation or physical risks to individuals and assets.
As threats become more integrated, many organizations have failed to adapt their security strategy accordingly. An incident may be delegated as a cybersecurity issue even if it has organization-wide consequences. Risks can also be overlooked without considering connections between the wide variety of social media, deep web and dark web networks that are now relevant for security teams.
With all this in mind, the question becomes how can CISOs and IT managers move forward better equipped for a more integrated threat landscape?
Approach cybersecurity as an org-wide strategy
Far too often, digital risks are treated as an IT problem rather than a business priority. Increased digital transformation means that online risks impact all business areas and have greater, longer-lasting effects on revenue and operations as a whole. According to IBM’s 2020 Cost of a Data Breach report, organizations incur $1.52M, on average, in lost revenue per breach.
And these business impacts aren’t just due to increased cybercrime like phishing and ransomware—cyber-enabled threats are implicating a variety of business operations.
For example, damaging viral content or misinformation, evidence of theft or internal threats, and physical security risks are all facilitated by and discoverable through online sources. This information is now valuable for cybersecurity and marketing, compliance, and physical security teams, to name a few.
So how can CISOs and IT managers tackle digital risks more holistically?
For one, security teams should rethink their toolkit. While threat intelligence tooling is valuable for cybersecurity personnel, security teams should consider software that is also accessible for non-technical teams like compliance who require digital risk data.
Security officers must also communicate digital risks to executives and board members as business risks—how do online threats, from data disclosure to theft, translate to lost business in dollar value? This will ensure that digital risk is clearly understood through the lens of business impact and prioritized by leadership accordingly.
Prioritize breadth of data
As digital risk covers a greater diversity of use cases, more online spaces are relevant for detecting risk and defending your organization. Beyond standard threat intelligence sources—like technical feeds and the dark web—security teams now need to consider a broader set of sources.
These could include mainstream and fringe social media sites (which tend to emerge quickly), deep web forums, and messaging apps. For example, platforms like 8kun or Telegram could host compromised information or other targeted risks, but may not be standard data sources in a security team’s toolkit.
Any one of these sources is not necessarily valuable on its own. However, access to a combination of social, deep, and dark web data alongside technical cyber threat intelligence can help security teams follow breadcrumbs more comprehensively across the web.
Security teams require multiple threat intelligence solutions to do their jobs effectively. But tools that prioritize data diversity (rather than focusing only on the dark web or social media, for example) can streamline toolkits, save analysts time, and provide more valuable context.
Rethink how you conceptualize the internet
These considerations point nicely to a third shift: integrating not only cybersecurity strategies and data sources but also our understanding of the internet.
Adversaries are not segregated to distinct web spaces—and neither should threat intelligence strategies. The internet has long been conceptualized as fragmented surface, deep, and dark web networks (so vividly imprinted in our brains by iceberg diagrams). But from a threat intelligence perspective, the internet looks more like an interwoven network of breadcrumbs traversing all web spaces.
Why does this matter?
Whether or not we want to believe it, a fragmented understanding of the internet can influence cybersecurity strategies and how tools are adopted and developed.
Cybersecurity teams should reconsider how their approach may overlook the interdependence of online networks. Tools and methodologies that represent their connections more accurately should also be prioritized. This could look like including a wider variety of data sources or adopting more robust pivoting and data visualization features.
With or without a pandemic, digital transformation is urging some significant changes in cybersecurity.
As the threat landscape scales and diversifies online, the lines dividing enterprise departments in their response—and the lines dividing online spaces where threats originate—are becoming more blurred.
These changes must be considered to approach digital risk more holistically as an organization, helping security personnel stay ahead of threats and minimize or avoid related damages.
About the Author
Karl Swannie is the Founder of Echosec Systems. Founded in 2013, Echosec Systems is an advanced threat intelligence technology provider that monitors data across mainstream social media, decentralized social networks, messaging apps and the dark web. Headquartered in Victoria, British Columbia, Echosec Systems has created a range of unique software solutions to provide organizations with an all-in-one toolkit to create an easy to understand, comprehensive picture of potential threats online, without the risk of drowning in data. Karl can be reached through LinkedIn and at Echosec.net.