Cyber security is certainly taking a front seat on the government’s agenda, with plans to spend £1.9 billion on the growing threat, including the protection of businesses and tackling cyber scammers.
Undoubtedly, an organisation’s vulnerability to cyber attack is a concern for decision makers, and having a robust cyber security policy in place is a must. But not enough action is being taken to protect the brand, nor are the correct cyber threat management controls in place.
RiskIQ’s recent research showed that, unsurprisingly, 82% of C-suite and senior managers admit they are concerned about the vulnerability of their web sites, mobile applications and social media accounts to cyber attack and impersonation.
>See also: Digital trust and the API economy
It is worrying then that over half (57% do not have a digital brand protection programme or team in place and over a third (34 percent) are missing a dedicated cyber threat management programme to protect them.
There is a clear discrepancy between perception and reality and this needs to be resolved quickly in order for businesses to be sufficiently protected against impending cyber threats.
With thousands of connected devices entering the office and shadow IT in abundance, keeping track of an organisations’ security outside of the firewall is difficult.
Employees very much form part of the risk to a business, often assuming that the IT within their organisation will provide adequate security measures, regardless of their actions.
Many don’t even consider the risks that their actions might create, such as downloading a malicious app without checking its credentials or legitimacy.
This is further compounded by the growing importance of digital communication to successful customer engagement that has given rise to continued investment in web, mobile and social.
>See also: Security in the sharing economy
These trends have led to the digital footprint of many organisations being much broader than anticipated. Where we engage with organisations it is common for RiskIQ to uncover 30 to 40% more publicly exposed digital assets that the organisation should be tracking but of which they are unaware.
The breadth of organisations’ digital assets, both known and unknown, may lead to potential risks that could include threat actors compromising vulnerable web assets and duping users by impersonating business brands.
These tactics range from creating social media accounts that look and feel like a legitimate organisation’s to redirect users to sites infected with malware, to impersonating a brand for use in app stores around the world – even though in some cases, the company doesn’t have a mobile app.
While our research suggests that there is high confidence among the C-suite and senior managers when it comes to protecting a business’ digital presence, there is a discrepancy in reality, a digital security gap, as one quarter either don’t know or don’t currently monitor their digital channels.
It comes as no surprise that the majority (90%) fear that their organisation is equally or more at risk from cyber security attacks and digital brand impersonation compared to just five years ago.
Such concerns are having a direct impact on business progress, with 85 percent of those surveyed stating that cyber security and brand protection concerns are affecting the rollout of new digital initiatives.
To enable businesses to combat the growing cyber and brand impersonation threats, all web, mobile and social channels need to be closely and regularly monitored, and unknown assets brought under management in order to enable continuous visibility of the web attack surface and comprehensive risk management.
Coupled with a more proactive approach to bridge the digital security gap, business leaders also need to ensure much greater awareness on the changing nature of threats today and how each of us can unwittingly compromise our organisations unless we are more observant.
Detection of cyber threats in the early stages allows for mitigation that will greatly reduce the negative impact to the business and most importantly, to its customers.
Limited awareness of cyber security across a business leaves organisations exposed and at risk of hack attacks.
For business leaders to be equipped enough to protect their employees and company assets from theft or malicious activity, digital brand protection and cyber threat management needs to be planned and implemented immediately.
Taking a more proactive approach to defending beyond the firewall through digital risk monitoring and external threat management will lead to decreased risk to digital channels and so heightened digital progression for the business as a whole.
Sourced by Colin Verrall, VP EMEA, RiskIQ