In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management. In part 1, we discussed how understanding cyber threats requires a threat intelligence capability and consists of 4 main areas. In this next blog, we discuss the main areas that contribute to data leakage risks.
Leaked information can provide valuable clues for adversaries. Below are 6 main areas that contribute to data leakage risks.
Sensitive code and private encryption keys are publicly available on code-sharing sites. This can allow attackers to better tailor their attacks to an organization.
Employee credentials are exposed in third-party breaches. These credentials are then used by attackers for account takeovers, spam lists, credential stuffing, spear-phishing and post-breach extortion.
Figure 1: A criminal forum discussing various configurations for SentryMBA, a credential stuffing tool
Sensitively marked documents are inadvertently leaked by partners and employees. As well as opening organizations up to corporate espionage, this allows attackers to weaponize legitimate-looking documents and launch targeted attacks.
Intellectual property is freely available and shared online, both inadvertently and by malicious actors. This can leave organizations vulnerable to corporate espionage. But if an organization is aware that a new design, for example, has been leaked early, it can get the design removed and mitigate accordingly.
Employees reveal information about security procedures, software and hardware. This information can be used by attackers as they perform reconnaissance on an organization, seeking out specific software to exploit.
Figure 2: A company tweet that inadvertently shares the company wifi password
Organizations and their supply chain may be inadvertently exposing customer PII. This information can have a compliance impact, given the recent EU General Data Protection Regulation (GDPR).
This information leaves organizations vulnerable to corporate espionage and competitive intelligence. Worse still, criminals and hostile groups can exploit this leaked data to find the organization’s weak points and launch targeted cyber-attacks. By monitoring for this leakage, organizations can gain an awareness of where they are exposed and remediate.
To learn more, check out our web page on digital risk management, or check out our one-pager below.
The 5 Main Areas that Contribute to Data Leakage Risks from Digital Shadows