Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals.
There are five main ways cyber attackers are exploiting traditional approaches to cyber security, which typically overlook organisations’ online interactions, according to a report by threat management firm RiskIQ.
“Increased risk of cyber attack and associated consequences like data theft, operational disruption, brand erosion, and employee and customer compromise have become a natural side effect of digital transformation,” the report said.
The report is based on RiskIQ’s repository of internet data collected by its web-crawling infrastructure, focusing on researchers’ mapping of the global internet attack surface over a two-week period to reveal the true extent of the attack surface of an enterprise.
“Today, organisations are responsible for defending their networks all the way to the edges of the internet,” said RiskIQ CEO Lou Manousos. “Bringing the massive scope of an organisation’s attack surface into focus helps frame the challenges faced by organisations in keeping their employees, customers and brand safe.”
As organisations harden their network perimeter and internal defences, attackers are increasingly finding ways to make money by capitalising on weaknesses in online customer and partner interactions, the report showed.
“But there are many companies that still do not have an official external threat programme as part of their security practice,” said Jay Huff, international marketing director at RiskIQ.
Monitor all potential targets
The report showed there is a wide range of digital assets that are discoverable and exploitable by cyber attackers, underlining that security teams need to look beyond their organisation’s network to consider everything that targets their brand and assets online.
“In today’s world of digital engagement, users sit outside the perimeter, along with an increasing number of exposed corporate digital assets and the majority of malicious actors. As such, companies need to adopt strategies to encompass this change,” the report said.