Digital Risk Protection (DRP) Glossary
We are aware of the information overload and wealth of technical terms that may sometimes be confusing. To make it easier to understand industry terminology, we came up with some definitions of some of the most popular cybersecurity concepts.
In its 2020 report titled “Emerging Technologies: Critical Insights in Digital Risk Protection Services,” Gartner defines Digital Risk Protection (DRP) as “a key technology solution that supports” digital risk management (DRM) capabilities. A digital risk protection solution is an additional security layer that safeguards corporate digital assets from external threats, improves security team efficiency, and protects brand reputation by identifying unwanted exposure in real-time. It includes a number of sub-categories, such as dark web monitoring, brand protection, data leak detection, technical leakage detection, account takeover prevention, and financial fraud prevention.
Open Source Intelligence (OSINT)
Open Source Intelligence regroups all the processes and methods that collect and analyze public, open information to generate intelligence. The term originates from the national security and military sectors, and complements other types of intelligence, such as Signal Intelligence (SIGINT) or Human Intelligence (HUMINT). In the cybersecurity field, it usually includes any information publicly available on the internet, on websites, forums, marketplaces, chat rooms and other services.
An organization’s digital footprint represents the entire public information digitally available on various internet platforms. Larger companies, as well as those which have a stronger use of modern technologies, tend to have a more far-reaching footprint. Although much of an organization’s footprint can be harmless, certain information can either represent intellectual property leaks, or support a malicious actor in a cyberattack by providing key data points to execute phishing operations, intrusions or other attacks.
The term is also used to describe the different data points related to an individual’s identity, such as names, addresses, passwords or pictures.
In the context of Digital Risk, the concept of brand protection includes protection from any vector that would leverage digital channels and lead to a loss of trust or reputation in the eyes of an organization’s customers, partners or investors. A variety of events can lead to this consequence, including data breaches, phishing campaigns, social media brand impersonation, large-scale fraud and account takeovers.
Brand impact is one of the three large potential consequences of digital risks, alongside regulatory fines and the loss of productivity due to the operational impact of cyberattacks.
Account takeover describes the action of a malicious actor that takes control of a legitimate account. It can be split in two broad categories: corporate or customer account takeover.
Corporate account takeover occurs when the actor gains access to an account belonging to an employee or a company. This includes email accounts and social media accounts that can be leveraged for impersonation and fraud.
Customer account takeover occurs when a threat actor gains access to a customer’s online account, including through banking or any other digitally accessible portals. Although much more common than the first category, a single customer account breach could have much lower impact since the customer does not have access to the company’s infrastructure or internal communication channels. Nevertheless, the impact can quickly escalate if the number of breached accounts grows, which is often the case as actors integrate automated attack tools in their workflow. A large number of customer account takeover cases has negative effects on brand trust, and increases incident remediation costs.
Data leakage occurs when third parties gain unauthorized access to an organization’s private information.
Data leaks can happen by accident due to human errors and misconfigurations, or following a cyberattack. Data leakage impact varies wildly depending on the type and scale of the information, but generally includes an increased chance of attacks and phishing, negative brand impact and loss of productivity.
Typical leaked data include personal information, intellectual property, business and financial information, and technical information.
Technical Information Leakage
Technical information leakage is a data leak that includes IT-related data, which would help a malicious actor in an attack. This includes code, credentials, API keys, access tokens, Active Directory structure and internal domain names. This information can support an attacker in his initial access, for lateral movements and for privilege escalation.
The threat intelligence field is conceptually very close to the Digital Risk Protection field, in the sense that it looks for key information on the dark, deep and clear web to provide actionable insights. The key difference between the fields is that threat intelligence focuses on threat actors and related tactics, techniques and procedures (TTP) and related indicators of compromise (IOC). This information is critical to a performant SOC, but lacks coverage for other business risks due to external activities – which is where Digital Risk Protection comes in.
Impersonation can target a brand or an individual. When a brand is concerned, malicious actors can create false profiles or websites to lure employees or customers into entering personal information or credentials, typically leading to intrusions or fraud.
If an individual is targeted, impersonation is typically done on a high-ranking employee such as a CEO, COO or CFO, to gain access to information or communication channels that can be leveraged for business email compromise (BEC) and fraud.
A takedown is the process of removing a website or content from the public internet to reduce impact. It can be done for a domain name, by working with registrars and for online content on services such as GitHub. The process generally requires communication with the owner of the service to explain why the content should be removed. Most Digital Risk Protection platforms provide support for these removals.