Successful organizations and influential people rely on the public Internet to promote their brands, ideas, and products. A significant amount of time and energy goes into building a brand, and most of it is spent online.
However, every activity performed online involves exchanging some data. That includes social media posts on your public-facing accounts, activities your employees take on your behalf, and even third-party applications that automate high-volume workloads for your business.
These actions leave a trail of data and metadata called a digital footprint. It can include websites visited, geolocation data, advertising preferences, and much more.
On its own, a single piece of digital footprint data is harmless. However, if threat actors gather enough of this public data, it can significantly expand their capabilities. Information security leaders need to pay close attention to the way their organizations expose this kind of data to the public.
Digital footprint data comes in two broad categories:
Taken altogether, these different pieces of data can form convincing images of users themselves. It' not a coincidence that many cybersecurity detection tools work by analyzing passive footprint data and looking for anomalous behavior.
Cybercriminals are aware of the kind of data that detection-based cybersecurity tools analyze and can use digital footprint data to improve their attack strategies. Social engineering attacks are particularly well-suited to this kind of context.
For example, imagine your organization' CEO is a member of a local golf club and posts regularly about it on social media. An attacker may decide to spoof the golf club' website, send a special members-only phishing message to the CEO' email account, and successfully compromise an executive email account – a major breach.
The more digital footprint data an attacker has, the more realistic and convincing their spear phishing scenario can be. A sophisticated attacker can find and use many different data points to prepare for this kind of attack, like what kind of mobile device the target uses, the names of friends and family members, and much more.
Reliably protecting an individual' digital footprint is challenging enough – doing the same for an entire organization borders on the impossible. Information security leaders need to take a multi-layered approach to adequately protect users from data-enriched attack tactics.
Digital footprint data rarely makes itself known. It is not often the focus of routine security checks or even intensive audits. Enlist Lumifi's help to review the way your organization – and its most visible employees – interact with the public internet and deploy a multi-layered security solution that can protect your systems from attackers who may use their information against them.