By now, the term digital footprint shouldn't be a mystery anymore. We roll our eyes every time we see our teenage niece or that colleague on Facebook exposing half of their life online. “Are they not thinking about the dangers?” we think. On top of that, the term “digital footprint” covers the total web presence - uploaded elements plus data from analytic technologies, i.e. things beyond our direct control. So given that “every day, whether we want to or not, most of us contribute to a growing public portrait of who we are online” (internetsociety.org), how should we keep an overview of what can be found about us?
Same same for organizations.
Think about the company you work for. Does it have 10 or 100 or more Internet domains under control? How big is its digital footprint? Internet domains each spanning 50 active subdomains? Or 500? Which web applications, third-party web frameworks and files are exposed? Are they vulnerable? Do they leak sensitive information? How are new assets in your company reported to the risk & security stakeholders? Is there an inventory of all Internet-facing assets, and is it complete and up to date?
“Good questions… difficult to answer… I don't know, of and new assets have to be reported to someone who reports it to another one who will put it in a spreadsheet...”
If that's somehow close to what you were thinking then don't worry, we observe this in most of our customer meetings. You're not alone. “Risk, Security and IT teams are having difficulties to cope with all the work and lack of continuous visibility in the evolution of the company's tech stack they have to secure. Understanding and defending your business against cyber risk is challenging with the increasing complexity and growing nature of digital footprints.” (Stijn Vande Casteele, Sweepatic CEO).
Now, it’s hackers rolling their eyes with a grin on their face: “They're not aware of how much valuable intel I'll find in their mess! :D”
Anyway, we believe that, in order to gain visibility and spend money on defenses adequately, the question is not whether an organization is aware of the dangers, but whether it has the capability to keep an overview and spot weaknesses (before they become dangerous) in an ever growing attack surface.
Apropos Attack Surface.
I used “ever growing”, but “exponentially growing” would fit better.
With Industry 4.0, “the convergence of cloud, mobile, social and data have ushered in a new wave of business models that will present unique challenges for various industries,” said Bob Weiler in Forbes.
IoT devices especially will drastically expand the attack surface of organizations (accenture.com), oil and gas companies for example.
If an organization wants to remain competitive, this expansion through technology is inevitable, and it opens up many new possibilities for threat actors. Actively taking control over the presented opportunities is therefore of utmost importance, for it will positively reflect on performance, risk, and financial management.
Actively take control.
Deloitte correctly points out: “While defenders are compelled to plug every security gap in their complex, changing environments, the attacker only needs to take one successful action to achieve their win.”
With all this in mind, it's not too surprising that “90% of CIOs admit to wasting millions on inadequate cybersecurity” (venafi.com), because:
- Time and productivity are lost through manual, slow and human processes that are unreliable AND uncontrollable.
- Even the best of the best cyber security capabilities, if fed with incomplete data, will produce unreliable intelligence.
- The cost of inadequate decisions based on unreliable intel is huge.
Let an intelligent machine do it for you.
Our solution is fixing this old process. Built around top-notch reconnaissance techniques, the Sweepatic platform discovers every little bit of your digital footprint and explores every oh so hidden and forgotten place for weaknesses - a platform that discovers and analyzes all your Internet-facing assets and their exposure to cyber risk. It runs in a non-intrusive way on the Internet, without any installation required in your environment.