Reducing technical leakage: Detecting software exposure from the outside-in

Reducing technical leakage: Detecting software exposure from the outside-in
Viktoria Austin
Read More From Viktoria Austin
June 16, 2020 | 6 Min Read

Modern Development Practices Leads to Increased Exposure

As customers, we can be a bit demanding when it comes to technology products. We want the latest products, features – or the most recent versions of those. We’re not stuck for choice though. Rather, our menu of technology products is always growing. These days, companies are all racing to push out products to satisfy our digital hunger. In fact, research conducted by Google highlighted that elite performing organizations deploy software updates to their end-users, on average, multiple times per day and on the lower end of that up to between once a month and between every six months

However, a combination of the rapid delivery of software, onset of digital transformation – which shifts software development practices online – and poor security practices, have increased the likelihood of sensitive technical data, such as code, technical credentials, and data storage solutions (to name a few), to be exposed online: 

  • It feels like every week we hear about another database that is discovered with customer records exposed? And, let’s face it, that is just what gets reported. Every day thousands of organizations’ engineering teams misconfigure their code repositories or databases to expose their contents to the public.
  • The recent Verizon Data Breach Incident Report 2020 states that errors are now more common than malware in data breach incidents. While misconfigurations accounted for 20% of all error varieties in 2018, this doubled to over 40%  in 2019. 
  • On top of that, researchers from the University of North Carolina State University have observed that not only is secret leakage pervasive — affecting over 100,000 repositories — but that thousands of new, unique secrets, identified as API and cryptographic keys, are leaked on Github at a rate of thousands per day.

Who’s Responsible?

Though these risks stem from software development practices, managing this exposure tends to fall under the security teams remit – unfair right? Almost like when a sibling makes a mess and you have to tidy it up – sigh. 

Tracking technical leakage exposure can be challenging, especially when lacking visibility of where these assets lie and internal resources. To manage and mitigate technical leakage on your behalf, Digital Shadows, from today, releases the new ‘unauthorized commit alert’ service within SearchLight, which identifies unauthorized commits to public code repositories emanating from collaborative software development tools. 

In this blog, Digital Shadows will provide an overview of this new capability.

Figure 1: Comprehensive set of digital risks 

Types of code you do not want exposed

One of the biggest challenges of software development is when secrets become exposed by developers. Secrets, in software terms, are forms of digital authentication, such as passwords, API, access keys, and more. Much like our passwords may be stored in an online password vault, secrets have their filing systems: code repositories. While most code repositories are private, cases have emerged whereby secrets have been exposed to public repositories, meaning those crown jewels are fully accessible to everyone. 

Researchers at North Carolina State University found “that not only is secret leakage pervasive — affecting over 100,000 repositories — but that thousands of new, unique secrets, identified as AP and cryptographic keys, are leaked on GitHub at a rate of thousands per day.” Further highlighting how exposure on code repositories, such as GitHub, was a growing concern raised by users on Twitter highlighting how passwords could be searched across GitHub – imploring GitHub to introduce new features, instantly, to address such exposure. 

Separately, In 2018, an attacker located an AWS credential within code in a private repository for Uber Engineers on Github. Though the repository was private, it is thought that the attacker either brute forced or password guessed the credentials – allowing them access to the app’s databases, stealing personal information on 57 million passengers and drivers – information including names, email addresses, and phone numbers. Ensuring data is protected doesn’t just mean the databases aren’t publicly available – but that the access to it has sufficient authentication practices in place too. 

Employees can inadvertently commit sensitive technical data to public repositories, especially if there is no guidance from internal security policies or education from the business on what should or shouldn’t be shared. Examples of sensitive data that could be inadvertently leaked are:

  • Proprietary code, potentially compromising your intellectual property
  • Internal network details and configuration data, giving hackers a view of your infrastructure
  • Live code that could be used for vulnerability research against public products and services

If companies can monitor their employees’ corporate activity on public code repos, then they can preemptively educate them on potential leakage, with the aim to avoid serious technical leakage events in the future.

Using SearchLight to detect technical leakage

In addition to monitoring for code exposure or secrets across public repositories, organizations can now track, with the “unauthorized commit alert”, their employees’ corporate activity on public code repositories. Identifying whether employees have unintentionally committed to a repository, provides organizations with a quick, scalable way to preemptively catch leakage before it becomes a serious threat.

Software Development: More than securing software from within

Like everything, software development is currently affected by the forces of digital transformation, which blurs network perimeters, meaning data is increasingly likely to be exposed online. On top of that, the nature of the software development industry, which demands rapid deliveries and multiple stakeholders working together on collaborative tools, has also increased the likelihood of sensitive data to be exposed publicly. To prevent the exposure of software online and to minimize threats to software, Digital Shadows recommends the following:

  • Monitor for technical assets:  Benefit from a set of free tools or paid tools to detect public code exposure – or sensitive company assets across public repositories, such as Github, BitBucket, or Gitlab. Searchlight, for example, detects technical leakage – and whether an employee has used their corporate email to publicly commit to repositories. Learn more about Digital Shadows capability here. Alternatively, free, open-source tools available include Git hound, which prevents sensitive data from being exposed or TruffleHog, which searches through repositories for secrets. 
  • Increase awareness: Individuals may not be clued up when it comes to securing technical data. Such a problem can be easily solved by better education and training around these risks. 
  • Ease of use: When it comes to software collaboration tools, such as GitHub or GitLab, ensure security protocols are set to prevent activity from being posted publicly

To learn more, please check out the resources below or our new web page, Technical Leakage Detection.

Technical Leakage Detection Overview
Unauthorized Commit to Public Code Repository Risk
>

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Access Keys Exposed: More Than 40% Are For Database Stores

Access Keys Exposed: More Than 40% Are For Database Stores

September 14, 2020 | 6 Min Read

By now, we’ve all heard news about AWS...
What is DevSecOps and Why Do We Need It?

What is DevSecOps and Why Do We Need It?

August 12, 2020 | 4 Min Read

DevSecOps, SecDevOps, and any...
Validate Exposed Credentials with Okta to Save Even More Time

Validate Exposed Credentials with Okta to Save Even More Time

August 24, 2020 | 3 Min Read

SearchLight customers can now automatically...
Account takeover: Expanding on impact

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion...
SearchLight’s Credential Validation: Only Focus on What Matters

SearchLight’s Credential Validation: Only Focus on What Matters

July 14, 2020 | 4 Min Read

Of the many use cases associated with threat...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair...
Zoom Security and Privacy Issues: Week in Review

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing...
Top Priorities for 3rd party risk assessments

Top Priorities for 3rd party risk assessments

April 16, 2020 | 6 Min Read

If you’re like me, you’re probably tired of...
COVID-19, Remote Working, and The Future of Cyber Security

COVID-19, Remote Working, and The Future of Cyber Security

April 15, 2020 | 6 Min Read

The unprecedented global lockdown in the face of...
How to minimize cybersecurity breaches in 2020

How to minimize cybersecurity breaches in 2020

April 8, 2020 | 9 Min Read

Seriously, don’t click back or close – I...
The Digital Risk Underdog: Remediation

The Digital Risk Underdog: Remediation

April 1, 2020 | 4 Min Read

When it comes to evaluating threat intelligence...
COVID-19: Third-party risks to businesses

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent...
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals...
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but...
Love Where You Work – Near and Far We Celebrate Our Team

Love Where You Work – Near and Far We Celebrate Our Team

March 12, 2020 | 6 Min Read

#LoveWhereYouWork Entering into 2020 felt a bit...
Want to Control Your Ever-Changing Perimeter? Focus on Integrations.

Want to Control Your Ever-Changing Perimeter? Focus on Integrations.

March 4, 2020 | 5 Min Read

An ever changing perimeter? Over the past few...
The Ecosystem of Phishing: From Minnows to Marlins

The Ecosystem of Phishing: From Minnows to Marlins

February 20, 2020 | 31 Min Read

YOU JUST WON $1,000. CLICK HERE TO CLAIM YOUR...
RSA Conference 2020: CISO Tips for Making the Most of Conference Sessions

RSA Conference 2020: CISO Tips for Making the Most of Conference Sessions

February 19, 2020 | 5 Min Read

  RSA Conference is just days away, and...
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

February 18, 2020 | 4 Min Read

  The dust hasn’t quite settled on the...
How to Operationalize Threat Intelligence: Actionability and Context

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020 | 5 Min Read

  In 1988 the idea of a Computer...
How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github

How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github

January 23, 2020 | 5 Min Read

  I often get asked to share examples of...
Inside Digital Shadows: Davitt Potter Joins as Director of MSSP and Channels in the Americas

Inside Digital Shadows: Davitt Potter Joins as Director of MSSP and Channels in the Americas

January 22, 2020 | 5 Min Read

  I’ve spent over 25 years now in the...
Third Party Risk: 4 ways to manage your security ecosystem

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the...
Top Security Blogs of 2019 from Digital Shadows

Top Security Blogs of 2019 from Digital Shadows

December 20, 2019 | 4 Min Read

  As we approach the end of 2019, we...
2020 Cybersecurity Forecasts: 5 trends and predictions for the new year

2020 Cybersecurity Forecasts: 5 trends and predictions for the new year

December 18, 2019 | 10 Min Read

  If all the holiday fuss isn’t...
2.3 billion files exposed across online file storage technologies

2.3 billion files exposed across online file storage technologies

December 3, 2019 | 17 Min Read

Originally published May 2019 2.3 billion is a...
Asset Inventory Management: Difficult But Essential

Asset Inventory Management: Difficult But Essential

November 27, 2019 | 4 Min Read

  If it’s one thing that most security...
BSidesDFW 2019: OSINT Workshop Recap

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019 | 5 Min Read

  A few Saturdays ago, we had the...
Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

November 7, 2019 | 3 Min Read

This is a guest blog, authored by Matthew...
Your Cyber Security Career – Press start to begin

Your Cyber Security Career – Press start to begin

October 30, 2019 | 13 Min Read

  October was Cyber Security Awareness...
Understanding the Consequences of Data Leakage through History

Understanding the Consequences of Data Leakage through History

October 24, 2019 | 4 Min Read

One of the most interesting aspects of...
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019 | 9 Min Read

Honeypots can be useful tools for gathering...
ANU Breach Report: Mapping to Mitre ATT&CK Framework

ANU Breach Report: Mapping to Mitre ATT&CK Framework

October 11, 2019 | 14 Min Read

Introduction This week, the Australian National...
Singapore Cyber Threat Landscape report (H1 2019)

Singapore Cyber Threat Landscape report (H1 2019)

September 26, 2019 | 7 Min Read

Despite being the second smallest country in...
DevSecOps: Continued Database Exposures Point to Growing Challenges

DevSecOps: Continued Database Exposures Point to Growing Challenges

September 24, 2019 | 5 Min Read

Last week, we learned that millions of...
Your Data at Risk: FBI Cyber Division Shares Top Emerging Cyber Threats to Your Enterprise

Your Data at Risk: FBI Cyber Division Shares Top Emerging Cyber Threats to Your Enterprise

September 17, 2019 | 8 Min Read

Data breaches are not slowing down. Nobody...
Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

September 10, 2019 | 2 Min Read

Back in February, I wrote about how we avoid the...
The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

August 19, 2019 | 6 Min Read

Black Hat and DEFCON are a wrap! Digital Shadows...
Capital One Breach: What we know and what you can do

Capital One Breach: What we know and what you can do

July 31, 2019 | 5 Min Read

Monday blues. It’s a thing. It’s when you...
Surviving and Thriving at Blackhat and DEF CON Summer Camp 2019

Surviving and Thriving at Blackhat and DEF CON Summer Camp 2019

July 24, 2019 | 4 Min Read

With BSides, Black Hat and DEF CON (aka Security...
Harnessing Exposed Data to Enhance Cyber Intelligence

Harnessing Exposed Data to Enhance Cyber Intelligence

July 11, 2019 | 7 Min Read

  An illicit and lucrative trade has...
Welcoming NAB Ventures & Scaling SearchLight for Growth

Welcoming NAB Ventures & Scaling SearchLight for Growth

July 9, 2019 | 2 Min Read

Today is an exciting day for Digital Shadows....
Leaky SMB File Shares – So Many Bytes!

Leaky SMB File Shares – So Many Bytes!

June 19, 2019 | 5 Min Read

Everyone loves a sequel. If you’re an avid...
Managing Digital Risk: 4 Steps to Take

Managing Digital Risk: 4 Steps to Take

June 18, 2019 | 9 Min Read

Organizations are finding it increasingly...
Managing Infosec Burnout: The Hidden Perpetrator

Managing Infosec Burnout: The Hidden Perpetrator

June 10, 2019 | 8 Min Read

The secret of the burnout epidemic lies in how we...
Partnering with SecureLink to help organizations minimize their digital risk

Partnering with SecureLink to help organizations minimize their digital risk

May 15, 2019 | 3 Min Read

Today we announced that SecureLink, one of...
Enabling Soi Dog’s Digital Transformation: A Case Study

Enabling Soi Dog’s Digital Transformation: A Case Study

May 8, 2019 | 3 Min Read

At the beginning of this year I was introduced to...
Announcing Digital Shadows’ ISO27001 certification

Announcing Digital Shadows’ ISO27001 certification

May 7, 2019 | 2 Min Read

I'm pleased to announce that Digital Shadows has...
Reducing your attack surface

Reducing your attack surface

April 9, 2019 | 4 Min Read

What is an attack surface According to OWASP, an...
Making Some Noise in the Channel

Making Some Noise in the Channel

April 1, 2019 | 3 Min Read

Digital Shadows Channel REV Partner Program...
Detecting Exposed Company Data: The What, Why, and How

Detecting Exposed Company Data: The What, Why, and How

March 12, 2019 | 3 Min Read

What is data loss detection? A fundamental...
Six Steps for Security Professionals to make the most out of the RSA Conference

Six Steps for Security Professionals to make the most out of the RSA Conference

February 20, 2019 | 4 Min Read

This year’s RSA Conference is March 4th-7th in...
Photon Research Team Shines Light On Digital Risks

Photon Research Team Shines Light On Digital Risks

February 13, 2019 | 2 Min Read

I’m very excited to announce the launch of the...
Introducing Our Practical Guide to Reducing Digital Risk

Introducing Our Practical Guide to Reducing Digital Risk

February 12, 2019 | 5 Min Read

Download a copy of A Practical Guide to Reducing...
Understanding Digital Risk Protection

Understanding Digital Risk Protection

February 8, 2019 | 3 Min Read

There has been a lot of talk recently about...
CISO Spotlight: Security Goals and Objectives for 2019

CISO Spotlight: Security Goals and Objectives for 2019

February 7, 2019 | 6 Min Read

I recently joined our ShadowTalk podcast to...
You’ve got a digital strategy, but how are you managing digital risks?

You’ve got a digital strategy, but how are you managing digital risks?

February 7, 2019 | 3 Min Read

Download a free copy of Digital Risk: The...
Joining The Market Leader in Digital Risk Protection

Joining The Market Leader in Digital Risk Protection

February 6, 2019 | 3 Min Read

Our marketing department asked me to write a blog...
SingHealth Breach Post-mortem: Key Findings

SingHealth Breach Post-mortem: Key Findings

January 29, 2019 | 5 Min Read

On 10 January 2019, Singaporean authorities...
Don’t Just Read Intelligence: Learn From It

Don’t Just Read Intelligence: Learn From It

January 17, 2019 | 5 Min Read

The Importance of Learning in Cyber...
Security Analyst Spotlight Series: Phil Doherty

Security Analyst Spotlight Series: Phil Doherty

January 10, 2019 | 5 Min Read

Organizations rely on Digital Shadows to be an...
Four New Year Cyber Security Resolutions

Four New Year Cyber Security Resolutions

January 3, 2019 | 8 Min Read

Another year is upon us in the world of...
Digital Shadows New Integration for Splunk

Digital Shadows New Integration for Splunk

December 10, 2018 | 3 Min Read

Today we announced the release of an updated...
Using Shadow Search to Power Investigations: Sextortion Campaigns

Using Shadow Search to Power Investigations: Sextortion Campaigns

December 6, 2018 | 3 Min Read

We recently wrote about sextortion campaigns and...
Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your...
Security Analyst Spotlight Series: Adam Cook

Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

November 2, 2018 | 5 Min Read

This morning, the British Broadcasting...
Cyber Security Awareness Month: Week 4 – Privacy

Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive...
Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

October 19, 2018 | 7 Min Read

This week we move onto theme three of Cyber...
Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

October 17, 2018 | 7 Min Read

This week, National Cyber Security Awareness...
Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

October 11, 2018 | 5 Min Read

This week’s theme for National Cyber Security...
Cyber Security Awareness Month: Week 1 – Credential Hygiene

Cyber Security Awareness Month: Week 1 – Credential Hygiene

October 3, 2018 | 5 Min Read

It’s the opening week of the annual National...
Security Analyst Spotlight Series: Christian Rencken

Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
10 Things You Didn’t Know You Could Do with Shadow Search™

10 Things You Didn’t Know You Could Do with Shadow Search™

September 25, 2018 | 5 Min Read

You may have seen that we’ve recently released...
GAO’s Equifax Post-mortem Report

GAO’s Equifax Post-mortem Report

September 11, 2018 | 5 Min Read

It’s common for the exciting and novel issues...
Security Analyst Spotlight Series: Heather Farnsworth

Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an...
Digital Shadows Contributes to Insider Threat Research

Digital Shadows Contributes to Insider Threat Research

August 9, 2018 | 5 Min Read

On July 30, Forrester published its latest...
Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

August 1, 2018 | 3 Min Read

In my most recent blog post I discussed Digital...
Security Spotlight Series: Dr. Richard Gold

Security Spotlight Series: Dr. Richard Gold

July 31, 2018 | 4 Min Read

Organizations rely on Digital Shadows to be an...
Black Hat USA 2018

Black Hat USA 2018

July 26, 2018 | 2 Min Read

Black Hat USA 2018 is quickly approaching! The...
Security Analyst Spotlight Series: Harrison Van Riper

Security Analyst Spotlight Series: Harrison Van Riper

July 10, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface...
Diversity and Digital Shadows Women’s Network

Diversity and Digital Shadows Women’s Network

June 26, 2018 | 3 Min Read

If you haven’t already watched RBG - a movie...
Security Analyst Spotlight Series: Rafael Amado

Security Analyst Spotlight Series: Rafael Amado

June 14, 2018 | 9 Min Read

Organizations rely on Digital Shadows to be an...
7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

May 30, 2018 | 5 Min Read

Lockpath’s Vice President of Development Tony...
Security Analyst Spotlight Series: Rose Bernard

Security Analyst Spotlight Series: Rose Bernard

May 23, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
A New Approach for Channel Security Consultants

A New Approach for Channel Security Consultants

May 22, 2018 | 5 Min Read

Old school security practices simply don’t fit...
Digital Shadows 7th Anniversary – A Look Back

Digital Shadows 7th Anniversary – A Look Back

May 16, 2018 | 4 Min Read

Today marks the 7th anniversary of Digital...
Offsetting Dunbar by Developing Diversity

Offsetting Dunbar by Developing Diversity

May 8, 2018 | 2 Min Read

Some of you may be familiar with the Dunbar...
Digital Shadows Opens New State of the Art London Office in Canary Wharf

Digital Shadows Opens New State of the Art London Office in Canary Wharf

April 26, 2018 | 2 Min Read

When myself and James Chappell set the company up...
Keys to the Kingdom: Exposed Security Assessments

Keys to the Kingdom: Exposed Security Assessments

April 24, 2018 | 4 Min Read

Organizations employ external consultants and...
Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

April 18, 2018 | 4 Min Read

For organizations dealing with proprietary...
When There’s No Need to Hack: Exposed Personal Information

When There’s No Need to Hack: Exposed Personal Information

April 17, 2018 | 4 Min Read

With Equifax‘s breach of 145 million records...
Leveraging the 2018 Verizon Data Breach Investigations Report

Leveraging the 2018 Verizon Data Breach Investigations Report

April 10, 2018 | 5 Min Read

Today, the 11th edition of the Verizon Data...
Introducing Shadow Search – Quickly enable deeper research and investigation

Introducing Shadow Search – Quickly enable deeper research and investigation

April 10, 2018 | 5 Min Read

All enterprises face key challenges in their...
One CISO’s Recommendations for Making the Most of RSA Conference Sessions

One CISO’s Recommendations for Making the Most of RSA Conference Sessions

April 9, 2018 | 6 Min Read

Last week, Enterprise Strategy Group (ESG)...
When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

April 5, 2018 | 4 Min Read

Our recent report “Too Much Information”,...
RSA Conference 2018 – Digital Shadows

RSA Conference 2018 – Digital Shadows

March 28, 2018 | 2 Min Read

RSA Conference is almost here! This year’s...
Ransomware in 2018: 4 Things to Look Out For

Ransomware in 2018: 4 Things to Look Out For

March 8, 2018 | 4 Min Read

Ransomware remains an active threat for...
Pressing For Progress This International Women’s Day

Pressing For Progress This International Women’s Day

March 8, 2018 | 3 Min Read

"Do you think you're going to be able to handle...
Data Privacy Day: 8 Key Recommendations for GDPR Readiness

Data Privacy Day: 8 Key Recommendations for GDPR Readiness

January 26, 2018 | 4 Min Read

This Sunday is Data Privacy Day, “an...
Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on...
Digital Shadows Launches Weekly Newsletter: “In the Shadows”

Digital Shadows Launches Weekly Newsletter: “In the Shadows”

January 8, 2018 | 2 Min Read

Digital Shadows has just launched a new...
GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

January 4, 2018 | 3 Min Read

In 2010, reports emerged that the Information...
Why I Joined Digital Shadows: Product, Culture and Opportunity

Why I Joined Digital Shadows: Product, Culture and Opportunity

December 13, 2017 | 2 Min Read

Making the decision to join Digital Shadows was...
A New CISO Looking to See How Deep the Rabbit Hole Goes

A New CISO Looking to See How Deep the Rabbit Hole Goes

December 12, 2017 | 2 Min Read

Well it is official, I’m now the Chief...

Digital Shadows’ Most Popular Blogs of 2017: Analysis of Competing Hypotheses For The Win

December 12, 2017 | 3 Min Read

This time last year, we looked back at the blogs...
Meet the New Digitalshadows.com

Meet the New Digitalshadows.com

November 29, 2017 | 2 Min Read

This morning we launched the new Digital Shadows...
GDPR – Not Just a European Concern

GDPR – Not Just a European Concern

November 20, 2017 | 6 Min Read

This post originally appeared...
Why “Have a Safe Trip” Is Taking On Greater Meaning

Why “Have a Safe Trip” Is Taking On Greater Meaning

November 14, 2017 | 5 Min Read

This post originally appeared...
Groupthink

Know Where to Find Your Digital Risk

November 10, 2017 | 4 Min Read

This post originally appeared on SecurityWeek....
women in cyber

Women in Security: Where We Are And Where We Need To Go

October 25, 2017 | 7 Min Read

Ada Lovelace, Grace Hopper, Katherine Johnson,...
Digital Shadows Announcement

Simply Put, Effective Cybersecurity is the Strength Sum of Its Parts

October 11, 2017 | 2 Min Read

Today’s cybersecurity landscape, dominated as...
online safety

Simple Steps to Online Safety

October 5, 2017 | 4 Min Read

On the heels of some very high-profile and...
NCSAM

Gearing Up For National Cyber Security Awareness Month

October 3, 2017 | 4 Min Read

I’m going to go out on a limb and say that...
equifax research report

2017 Equifax Breach: Impact and Lessons Learned

September 28, 2017 | 3 Min Read

Equifax experienced a data breach that occurred...
digital shadows funding

Recognition of Hard Work and Relevance – It’s Time to Go Global

September 20, 2017 | 3 Min Read

The news this morning that Digital Shadows has...
equifax breach update

An Update on the Equifax Data Breach

September 13, 2017 | 8 Min Read

The credit reporting agency Equifax...
Equifax Breach Assessment

Equifax Breach: The Impact For Enterprises and Consumers

September 8, 2017 | 9 Min Read

What we know about the Equifax breach On...
Credential Exposure Data Loss Blog

Bitglass: Compromised Credentials are Just One Way Your Corporate Data is Being Exposed

August 18, 2017 | 2 Min Read

A guest blog from Bitglass, read the original...
Company Anniversary Cyber Security

Digital Shadows’ 6th Anniversary

May 16, 2017 | 5 Min Read

It’s amazing to think that the idea James and I...
NIST Authentication

Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

May 9, 2017 | 4 Min Read

Passwords have taken a beating over the past...
Brand Reputation Digital Risk

The 3 Pillars of Digital Risk Management: Part 3 – The Top 5 Main Risks of Reputational Damage

April 27, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each...
Cyber Threats

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

April 13, 2017 | 3 Min Read

What is Digital Risk Management? The National...
Digital Shadows Announcement

Five Reasons Why Alex Seton VP of Business and Corporate Development, Joined Digital Shadows

March 21, 2017 | 3 Min Read

What a great feeling to find a company that cuts...
Top 3 blogs

The Top Three Most Popular Blogs of 2016

December 8, 2016 | 2 Min Read

It’s been a great year for the Digital Shadows...
Adaptation

Resilience: Adapt or Fail

October 28, 2016 | 5 Min Read

“But it ain’t how hard you hit; it’s about...
4 Tricks to Make a Cybersecurity Training a Treat

4 Tricks to Make a Cybersecurity Training a Treat

October 12, 2016 | 3 Min Read

A Halloween nightmare: Thunderstorms rage...
Professional Services Digital Shadows

Digital Risk Monitoring Is A Service, Not a Distinct Capability

October 11, 2016 | 2 Min Read

Digital Shadows was recently recognized as a...
cyberattacks

Do Not Invite Them In: What “Human Error” Can Mean In Practice

October 6, 2016 | 4 Min Read

Although you may or may not be a fan of vampire...
Five Tips To Make Your Passwords Better

Five Tips To Make Your Passwords Better

September 26, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Forrester

Digital Risk Monitoring Can Negate ‘Indicators of Exhaustion’

September 26, 2016 | 2 Min Read

When I first joined Digital Shadows in January, I...
breached data

The Industrialized Uses of Breached Data

September 21, 2016 | 4 Min Read

In our first blog, we outlined a number of...
credential compromise

Beauty and the Breach: Leaked Credentials in Context

September 21, 2016 | 4 Min Read

Our analysts recently researched credential...
New report: 97 percent of the top 1,000 companies suffer from credential compromise

New report: 97 percent of the top 1,000 companies suffer from credential compromise

September 20, 2016 | 2 Min Read

Data breaches and credential compromise are not...
exploit kits

Three easy tips to staying safe online

September 19, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Shadow Brokers

Four Things We’ve Learned From the Alleged Equation Group Code Leak

August 22, 2016 | 4 Min Read

The wake of the deeply bizarre auction of...
security culture

Security Culture: You’re only as strong as your team

August 18, 2016 | 4 Min Read

When you’re hurt you feel pain, you see a cut...
Wall of Sheep

Gambling with Security in Vegas: Not Your Best Bet

July 27, 2016 | 4 Min Read

With BSides Las Vegas, Black Hat, and DEF CON...
thedarkoverlord

Thedarkoverlord – losing his patients?

July 26, 2016 | 4 Min Read

In late June 2016, we observed a spate of attacks...
breach disclosure

5 Key Lessons From The FDIC’s Breach Disclosure Debacle

July 18, 2016 | 4 Min Read

Last week, the United States House Science, Space...
thedarkoverlord

10 ways to prepare for credential leak incidents

June 30, 2016 | 2 Min Read

From LinkedIn to MySpace, threat actors like...
OpAfrica

Data breaches targeting financial services: 2016 so far

May 26, 2016 | 3 Min Read

It’s been a busy year for data breaches...
Bozkurt Hackers

Bozkurt Hackers continue to leak bank data

May 13, 2016 | 4 Min Read

A threat actor calling itself “Bozkurt...
Digital Shadows Announcement

Digital Shadows – The Innovation Continues

May 13, 2016 | 2 Min Read

This week, Digital Shadows will turn five years...
DBIR

Analyzing the 2016 Verizon Data Breach Investigations Report

May 2, 2016 | 4 Min Read

Last week Verizon released the 2016 Data Breach...
Hacking Team

The Hacking Team breach – an attacker’s point of view

April 22, 2016 | 3 Min Read

On 17 April 2016, two posts were added to...
Mergers and acquisitions

It’s time to put the diligence into your M&A due diligence

March 29, 2016 | 2 Min Read

The headlines resulting from the Target/Fazio...
Digital Shadows Announcement

Why I joined Digital Shadows

January 28, 2016 | 3 Min Read

Departing Forrester Research wasn’t an easy...
Bloomberg Business

Digital Shadows honored as Bloomberg Business Top Innovator

January 26, 2016 | 1 Min Read

We're pleased to announce that Bloomberg Business...
Digital Shadows Announcement

Digital Shadows Welcomes Rick Holland as Vice President of Strategy

January 19, 2016 | 1 Min Read

Last year was an exciting time for Digital...
ransomware

Emerging Markets: Online Extortion Matures via DDoS Attacks

November 9, 2015 | 5 Min Read

Unlike scenes from books or movies where shadowy...
TalkTalk

TalkTalk: Avoiding The Hype

October 28, 2015 | 4 Min Read

There has been no shortage of media coverage on...
Digital Shadows Announcement

Digital Shadows Invited To 10 Downing Street

September 8, 2015 | 2 Min Read

Digital Shadows invited to 10 Downing...
Digital Shadows Announcement

Digital Shadows joins roundtable at 10 Downing Street

September 8, 2015 | 1 Min Read

Digital Shadows invited to 10 Downing...
Remote

Remote working at Digital Shadows

September 8, 2015 | 6 Min Read

This post will cover some of the challenges...
Adult Friend Finder

The Adult Friend Finder Breach: A Recap

September 7, 2015 | 5 Min Read

27th May 2015: Last week, news quickly...
Al Hayat

Saudi Arabia MOFA Breach

September 7, 2015 | 5 Min Read

Introduction As of April 2015 there were more...
Digital Shadows Announcement

Digital Shadows Integrates With Maltego Through Partnership With Malformity Labs

September 7, 2015 | 4 Min Read

The need for organizations to focus on their risk...
Announcement

Exciting Times, Exciting Team at Digital Shadows

September 4, 2015 | 4 Min Read

Yesterday we announced that Stuart McClure,...
Digital Shadows Announcement

Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

September 4, 2015 | 2 Min Read

One of the foundational values of Digital Shadows...