Are you YOUR COMPANY S DIGITAL FOOTPRINT?

Similar documents
EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Automated Context and Incident Response

with Advanced Protection

Security and Compliance for Office 365

2018 Edition. Security and Compliance for Office 365

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organisation from Impostors, Phishers and Other Non-Malware Threats.

Machine-Powered Learning for People-Centered Security

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

ybersecurity for the Modern Era Three Steps to Stopping malware, Credential Phishing, Fraud and More

Security & Phishing

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Evolution of Spear Phishing. White Paper

FOR FINANCIAL SERVICES ORGANIZATIONS

Office 365 Buyers Guide: Best Practices for Securing Office 365

REPORT. proofpoint.com

Teradata and Protegrity High-Value Protection for High-Value Data

Abstract. The Challenges. ESG Lab Review Proofpoint Advanced Threat Protection. Figure 1. Top Ten IT Skills Shortages for 2016

See how proofpoint helps you connect with confidence across all digital channels

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Spring Brandjacking Index

CloudSOC and Security.cloud for Microsoft Office 365

Express Monitoring 2019

Cyber Insurance: What is your bank doing to manage risk? presented by

Doxxing, Dissidents, And. Digital Extortion. Fortify Your Digital Risk Defenses. Nick Hayes, Senior Analyst

Data Privacy in Your Own Backyard

Phishing: When is the Enemy

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Best Practices in Securing a Multicloud World

Getting over Ransomware - Plan your Strategy for more Advanced Threats

How Cyber-Criminals Steal and Profit from your Data

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Cyber Security Guide. For Politicians and Political Parties

Train employees to avoid inadvertent cyber security breaches

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

An Ounce of Prevention

Neustar Security Solutions Overview

Client Resources. participant guide

The Digital Risk Dilemma

REPORT. Year In Review. proofpoint.com

Protecting from Attack in Office 365

Privileged Account Security: A Balanced Approach to Securing Unix Environments

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Accelerating growth and digital adoption with seamless identity trust

Keep the Door Open for Users and Closed to Hackers

DMARC Continuing to enable trust between brand owners and receivers

ELECTRONIC BANKING & ONLINE AUTHENTICATION

THE CLOUD SECURITY CHALLENGE:

Wire Fraud Begins to Hammer the Construction Industry

WHITEPAPER. Protecting Against Account Takeover Based Attacks

Combating Cyber Risk in the Supply Chain

PEOPLE CENTRIC SECURITY THE NEW

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

Online Security and Safety Protect Your Computer - and Yourself!

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

CyberArk Privileged Threat Analytics

Cyber Hygiene Guide. Politicians and Political Parties

Who We Are! Natalie Timpone

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

building an effective action plan for the Department of Homeland Security

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

Phishing Activity Trends Report August, 2006

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

MarkMonitor Dark Web and Cyber Intelligence TM Dark Web Threat Intelligence to Protect Against Cyberattacks

The Cyber War on Small Business

Cyber Attacks & Breaches It s not if, it s When

RSA NetWitness Suite Respond in Minutes, Not Months

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

PBX Fraud Information

Proofpoint, Inc.

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Best Practices Guide to Electronic Banking

Phishing Activity Trends

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Layer by Layer: Protecting from Attack in Office 365

Phishing Activity Trends Report August, 2005

Securing Network Devices with the IEC Standard What You Should Know. Vance Chen Product Manager

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Personal Cybersecurity

Trustwave SEG Cloud BEC Fraud Detection Basics

Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

DIGITAL LIFE E-GUIDE. A Guide to 2013 New Year s Resolutions

Cyber Security Updates and Trends Affecting the Real Estate Industry

Building Trust in the Internet of Things

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

Online Scams. Ready to get started? Click on the green button to continue.

Phishing in the Age of SaaS

Security in a Converging IT/OT World

HEALTH CARE AND CYBER SECURITY:

AKAMAI CLOUD SECURITY SOLUTIONS

Transcription:

Are you YOUR COMPANY S DIGITAL FOOTPRINT?

WHAT IS A CORPORATE DIGITAL FOOTPRINT? Since the dawn of the digital age, organizations have embraced new opportunities to engage with customers across digital channels. First, consumers saw the birth of corporate websites and email marketing. Companies then followed with branded social media accounts and mobile apps. They also empowered employees and independent advisors to engage in social selling. Your digital presence is critical to providing a cohesive customer experience. It also exposes your company to digital risk. Digital risks are especially dangerous and hard to combat. That s because they target people on infrastructure that sits outside of your corporate environment. There s another issue too. Whether or not you engage in a digital channel such as social media, cyber criminals can create fake accounts that appear to represent your brand. Even in the deep and dark web where corporations have clearly opted out bad actors can defraud your brand or plan attacks on your key personnel and physical assets. The takeaway: You need to consistently monitor and secure your organization s digital footprint in all channels, even if you do not have an official brand presence in one. These include: Social media Employee social selling Web domains Mobile apps Deep and dark web DEEP AND dark web Social Media brand digital footprint WEB Domains Social selling mobile apps

WHAT ARE THE DIGITAL RISKS? Cyber criminals have modernized their techniques to exploit the gap between your digital engagement and the ineffective security controls. Digital attacks expose your company and the people who trust it to an array of security, brand, and compliance risks. Cyber Threats Executive Threats Data Exposure Domain Phishing Brand Impersonation Location Threats Malware Phishing Other cyber-attacks targeted at your fans and followers Doxing (published contact info and other personal data so that people can easily harass the executive) Reputation risks Credential phishing Physical threats across digital spheres Attacks on your digital presence to gain access to: Your customers credentials Your sensitive corporate data Spoofed branded domains for credential phishing Digital presence that imitates your brand to: Sell knockoff versions of your products Steal intellectual property Protests and physical threats against or near your corporate locations

DOMAIN BRAND PRESENCE The internet has grown to more than 330 million unique domain names and three billion users. 1, 2 The vast size and popularity provides companies with one of the richest customer-engagement channels. It has made it equally attractive for threat actors to register domains that imitate your brand. They use these lookalike domains in coordinated web and email phishing schemes. These impostors can register hundreds of lookalike brand domains per day. Domains registered by someone other than the brand are on the rise. In 2016, for every brand-owned defensive registration (to preempt potential typosquatting), someone else registered 10 lookalikes. In 2017, suspicious registrations outnumbered brand-owned defensive registrations 20-to-1. 3 In addition to mimicking your domain presence, bad actors piggyback on your brand s goodwill. Criminals use the lookalike domains to: Highjack your advertising traffic Deliver email phishing schemes Sell knockoff versions of your products Steal intellectual property Chances are, you take precautions to protect your brand-owned domain presence. Monitoring your domain footprint for any suspicious or infringing domains is just as critical. Impostors can tarnish your brand and put your customers at risk. 1 Verisign. Domain Name Industry Brief. July 2018. 2 Statistica. Number of internet users worldwide. March 2017. 3 Proofpoint. Q3 2017 Quarterly Threat Report. October 2017.

MANAGE THE RISKS OF FRAUDULENT BRAND DOMAINS Phishing and Cyberthreats Lookalike domains that are part of a web or social media phishing scheme Also used as the sender domain in email attacks and to lure your customers to sites that are infected with malware Designed to trick your customers into giving up their credentials or other sensitive information Lost Transaction Dollars Profit seekers spoof your domains to divert your traffic to generate ad revenue, sell knockoff versions of your products, or peddle competing products These ploys can lead to real revenue losses The Methbot scheme spoofed 6,000 U.S. domains and stole $5 million in fraudulent revenue per day 4 Customer Turnover Infringing domains hurt your brand trust and customer experience When a bad actor spoofing your domain negatively impacts your customers, they could attribute the bad experience to your brand 73% of customers reconsider using a company if it fails to keep their data safe 5 4 Fortune. The Russian Methbot Scam Is Just the Tip of the Ad Fraud Iceberg. December 2016. 5 Deloitte. Cyber attacks leave a fifth of consumers out of pocket. November 2015.

SOCIAL MEDIA BRAND PRESENCE Social media is a great way to promote your products and interact with customers. Consumers turn to social media to engage with their favorite brands. In fact, 74% rely on social media to guide their purchases. 6 But with all this engagement, there are also risks from brand-related accounts you don t own. Fraudsters create lookalike brand accounts to scam your customers. A Proofpoint study reported 19% of social media accounts associated with the 10 biggest brands are fraudulent. Social media phishing links grew 70%, and fake customer-support accounts used for phishing jumped 300% from Q1 Q2 in 2017. 7 2017 Most Common Social Media Scams 8 35% 30% Free blockbuster movie streaming Work from home and make easy money But impostors aren t the only issue. You also need to manage risks on your official brand-owned accounts. As your social presence and fan base grows, so does your exposure to offensive content, security threats, and compliance risks. And you must also consider your brand ambassadors personal social media accounts. Your social selling program shouldn t hurt your brand or create compliance violations. 25% Offers for free items to get a click The Takeaway: Discovering and protecting your social footprint is vital to preserving your brand s reputation. 10% Brand fraud: fake coupons, free flights 6 MarkMonitor. Brand Abuse Lurking on Social Media. October 2015. 7 Proofpoint. Q2 2017 Quarterly Threat Report. August 2017. 8 Proofpoint. 2018 Human Factor Report. April 2018.

MANAGE THE SOCIAL MEDIA RISKS Offensive Content Account Takeover Hashtag Hijacking Compliance Risks Fraudulent and Brand Protest Accounts Whether it s a cyber Companies have Once you ve invested Regulated companies Fraudsters set up punk or an unhappy hundreds of social in making a hashtag need to adhere to accounts to masquerade customer, abusive and media accounts, dozens popular, anyone can rules on managing as your brand and offensive content on of admins with login use it so that their post social media accounts take advantage of your your company s social privileges, and multiple lands on your social and communications. customers by distributing accounts diminishes your authorized publishing wall. Hijacking happens These also extend scams, counterfeit brand value and detracts applications. This when someone uses to your advisors who goods, phishing, customer engagement. complexity introduces your hashtag for a participate in your social and junk ads. Cyber risk for bad actors to different purpose than selling programs. criminals also create take over your account you originally intended. fake customer support and fill your feeds with accounts to phish harmful content. credentials.

MOBILE APP BRAND PRESENCE Today s mobile app ecosystem is large and dynamic. Users have 3.6 million apps to choose from in Google Play, the largest app store. 9 And hundreds of secondary third-party app stores offer millions more apps legitimate or otherwise. Mobile apps are fertile ground for cyber criminals looking to impersonate your company and unleash attacks on the people who trust it. According to Marketing Science, 40% of mobile app inventory is fraudulent. Keeping track of your mobile app presence and identifying fraudulent brand apps is important part of safeguarding your corporate digital footprint. Fraudulent Apps Criminals create applications that imitate your brand even if your company hasn t created an official mobile app. When unsuspecting customers install the app, it can steal their credentials, distribute malware, or access personal data stored on their device. Unsanctioned Apps Managing your mobile app lifecycle can be hard. Apps can get published without going through your company s quality assurance and security review processes. Outdated versions of your app can remain on third-party stores after you release a newer version. Unauthorized Third-Party Hosting Hundreds of lesser known third-party app stores may host your brand s apps for download without your knowledge or consent. These are popular stores for hackers to post modified versions of your app that deliver an attack payload. Unauthorized third-party hosting damages your brand reputation and customer engagement. 9 AppBran. Number of Android applications. February 2018.

Deep and DARK WEB RISKS The deep and dark web emerged in recent years as the private place to engage on the internet. The websites are not indexed by search engines, and users need a Tor browser to access it. Given the promise of anonymity inherent in the dark web, it is a hot spot for posts and discussions that can pose huge security risks to your employees and office locations. In fact, 57% of the dark web sites designed for Tor facilitate criminal activity. 10 MANAGE THE DARK WEB RISKS TO YOUR BRAND Executive Risks Location Risks Doxing Physical Threats Account Compromise Reputation Risks Lone Wolf Attacks Threatening Language Protests Bad actors can publish personal information about your executives to a wide audience. Your executives can then be threatened by anyone who wants to harass or harm them. Cyberstalking, intimidation, and direct threats to your executives can deeply damage their sense of safety and wellbeing. From business and vacation travel to social media activity, there are many ways an executive can be tracked and eventually attacked. Access to your executives privileged credentials can lead to an orchestrated cyber-attack. Key executives emails and passwords can be sold in the dark web. These actions can enable attackers to compromise accounts and exploit your company s confidential information. People sometimes vent online about a company or flame its executives. This can be a one-time cyber jab. But often, threat actors turn up as antagonists who use profanity and hate speech to create a stir about a key executive and disrupt their day-to-day lives. Organizations need to be aware of real-time threats and events in and around your key locations, such as your corporate headquarters and retail sites. Lone wolf attacks may be out of your company s control. But you can manage the risks when your company gets visibility into them and has a response plan in place Organizations should monitor the digital universe for threatening language from suspicious and disgruntled people who are in and around your key locations. These issues can lead to critical events around populated areas, such as concerts, corporatehosted events, holiday parades, sports arenas, and more. Coordinated events where people are protesting or rioting near your business locations prevent successful day-today business and can impact employee safety. 10 Daniel Moore, Thomas Rid. Cryptopolitik and the Darknet. February 2016.

PROOFPOINT PROTECTS YOUR DIGITAL FOOTPRINT 3 STEPS TO MANAGING YOUR BRAND S DIGITAL FOOTPRINT Discover Managing a brand s digital presence has traditionally been a manual, ad hoc effort. Processes are often reactive, and they may focus only on a specific channel. Given the breadth and seriousness of digital risks to Protect BRAND S DIGITAL FOOTPRINT your brand and customers, monitoring and protecting your organization s digital footprint is critical across all of these channels: Social media Monitor Employee social selling Web domains Mobile apps Deep and dark web DISCOVER Monitor Protect Scan digital channels to gain visibility of your brand's presence and assess risk. Consistently monitor your brand's digital footprint to ensure it's free from digital risks. Protect your footprint from brand fraud, attacks, malicious content, compliance violations, and other digital risks.

The Proofpoint DifferencE Proofpoint Digital Risk Protection looks beyond your perimeter to deliver comprehensive security, brand, and compliance protection against digital risks. We provide real-time discovery, monitoring, and protection across social, mobile, domains, and the deep and dark web for risks to your brand. It s the only solution that gives you a holistic defense for all your digital engagement channels. Social Media Discovers your brand s social presence with just a few clicks Automatically removes malicious content from your official brand accounts Detects account takeovers and locks down compromised accounts Monitors hashtags and brand terms for reputation and security threats to your organization Monitors digital content for threats to your executives, employees, and physical locations Domains Provides visibility of suspicious domains, dormant domains, and your brand s defensive (typosquatting prevention) domains Quickly detects URLs that are part of active phishing campaigns Delivers automated alerts when new, risky domains are detected or their takedown status changes Mobile Apps Finds mobile apps associated with your brand Helps you detect and respond to risky mobile apps Scans official app stores and hundreds of secondary stores Gives you a complete list with just a few clicks Deep and dark Web Analyzes more than 15 million deep, dark, and surface daily Detects threats to your brand, executives, and locations Provides detailed, real-time threat monitoring Increases cyber intelligence and peace of mind Controls connected applications Prevents phishing attacks on your followers

Learn More To learn more about Proofpoint Digital Risk Protection solutions visit: proofpoint.com/us/products/digital-risk-protection ABOUT PROOFPOINT Proofpoint, Inc. (NASDAQ:PFPT), a next-generation cybersecurity company, enables organizations to protect the way their people work today from advanced threats and compliance risks. Proofpoint helps cybersecurity professionals protect their users from the advanced attacks that target them (via email, mobile apps, and social media), protect the critical information people create, and equip their teams with the right intelligence and tools to respond quickly when things go wrong. Leading organizations of all sizes, including over 50 percent of the Fortune 100, rely on Proofpoint solutions, which are built for today s mobile and social-enabled IT environments and leverage both the power of the cloud and a big-data-driven analytics platform to combat modern advanced threats. Proofpoint, Inc. Proofpoint is a trademark of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners. proofpoint.com 0418-011

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback