There has been a lot of talk recently about Digital Risk and Digital Risk Protection. Forrester published their 2018 New Wave on Digital Risk Protection (you can download a copy here). However, Digital Risk is not a new topic; it’s been around since at least 2010.
This blog outlines the key elements of Digital Risk, and why this should be a priority for any organization with a digital strategy.
Risks of Digital Transformation
Most organizations will have the investment in digital as one of their strategic goals, believing it will increase speed, collaboration, efficiency, and profit. All of these benefits can (and should) be achieved, but this will only happen if the associated risks are effectively managed. Digital transformation, in practice, means that organizations focus on four objectives.
Figure 1: Four common objectives of digital transformation. Source: A Practical Guide to Reducing Digital Risk
Every new technology, connection, or application increases complexity and data becomes stored in more places. The supply chain that provides the services or accesses that data is far greater, and weaknesses in legacy technologies make this world especially challenging to protect.
Digital footprints are vast and growing; as more technologies and third parties form a more complex ecosystem, it becomes hard to understand the growing attack surface, manage shadow IT, measure the ephemeral loss of critical data, and understand the integrity of the organization’s identity. The chances of weaknesses or exposure in this growing footprint has increased significantly.
In our de-perimeterized world, much of the critical data assets exists beyond the perimeter. Third parties are actively sharing and exploiting data within their own digital transformation initiatives, which means risks extend well beyond these castle walls.
What is Digital Risk Protection
Few organizations have a handle on the risks associated with digital transformation. According to the Ponemon Institute, 72% of leaders agreed the rush to digital transformation increases data breach and cybersecurity risks.
Digital Risk Protection reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.
Three Areas of Digital Risk Protection
We know that opportunistic adversaries will actively seek and exploit exposed information; looking for an exposed admin password on GitHub, a leaked vulnerability assessment, or network diagrams. Even organizations that claim to not be ‘interesting enough’ for an attacker will have computing resources that themselves have monetary value for criminals.
Digital Risk Protection has three areas of focus: detecting data loss, securing identity and online brand, and reducing the attack surface. Below, we provide tools to begin identifying and protecting weaknesses in organizations’ digital footprints.
Detecting exposed assets and mapping those to known threats can be a daunting task. That’s why we have created two digital risk protection guides to help you understand and reduce digital risk. Check them out below.
- Download Digital Risk: The C-Suite’s Critical Missing Part of Overall Risk
- Download A Practical Guide to Reducing Digital Risk: Tools and Approaches for Security, Intelligence, and Fraud Teams