Why the time is right for automated digital risk protection
The scale and sophistication of the cyber risk facing businesses today, and the expanding risk surface caused by digital transformation, the cloud and remote/home working, demands a multi-layered, proactive approach to security.
It is no longer enough just to defend the perimeter. Today, organisations must also take steps to protect data beyond the firewall and that means having the right defences on remote devices and also intelligence to identify threats and detect when a breach has occurred.
This is where Digital Risk Protection (DRP) comes in.
By searching the surface, deep and Dark Web for critical data and potential threats to an organisation, DRP gives businesses (and their customers) reassurance that their data is safe or, if data is found, early warning that a breach has occurred.
David Chalmers, Chief Marketing Officer (CMO) at UK digital risk protection specialist Skurio, says that DRP is an increasingly necessary supplement to traditional defences.
“Traditional cyber security is all about defending the network, defending a business with an established perimeter and stopping people from getting in. Digital Risk Protection works on the presumption that your data is already outside, because of home-working and human error, which is the cause of 80-90% of data breaches that occur.
“Cyber security software won’t stop someone from leaving a USB stick on the bus or sending an email with a file to the wrong person. You have to assume that those mistakes are going to happen and look in places outside your network to see if your data appears there. That is the basic difference between traditional security and DRP.
“Rather than looking for a new piece of malware or a new actor targeting certain kinds of business, we look for data belonging to an organisation. It could be contact data; it could be employee credentials; it could be customer data. If you are not looking for it, you won’t know it’s there and so won’t be able to mitigate damage from a breach or stop a breach that might be ongoing,” he said.
Chalmers points out that as well as finding data caused by a breach that a client might not even be aware of, DRP can be used to gather intelligence on vulnerabilities or planned attacks.
“Hackers are very chatty. They will go on hacker forums and say ‘Here is a port scan of this company. If you want to go and attack them, here’s how you can do it. Here are some scripts and some other things that you can use.’ They share stuff very collaboratively. We can find that as well,” he said.
To date, DRP has largely been the preserve of enterprises with the resources to establish in-house teams to conduct searches manually. Now, by developing an automated DRP platform, which Chalmers likens to a search engine for finding information in the deep and darkest web, Skurio is bringing DRP within reach of smaller companies and enabling managed service providers to develop new services for their customer base.
“Some organisations will have cyber intelligence teams that use a bunch of different tools to go into the dark web and look at hacker forums and marketplaces where data is being sold. Our system does all that automatically. We save customers time; they don’t need expert resources to find what they are looking for; and we make it safe. We go into those dangerous places, where all kinds of bad things are happening, and we pull that data into our system where the customer can look at it very safely,” he said.
Having established its platform with large end user organisations, Skurio is now seeking to build awareness of DRP in the broader business community, particularly amongst businesses that have moved, or are moving, some of their data to online cloud services, as part of their digital transformation.
Chalmers points out that moving customer or employee data to a cloud service, where it will be processed by third parties, is a risk for businesses that will still be responsible for safeguarding that data but won’t have complete control over it or necessarily know when a breach has occurred.
“The digital supply chain that is evolving quite rapidly with digital transformation is a major driver of the need for DRP because it means your data is now in the hands of other organisations that you don’t control. It is quite a nascent market, in terms of people understanding the need for it and the availability of solutions, which is why having a very expansive channel programme, with resellers and managed service providers (MSPs) spreading that message far and wide, is really critical,” he said.
Critical for Skurio and for enterprises and small and medium-sized businesses looking for reassurance that their data is safe and has not been compromised through malicious or accidental actions from within or outside their organisation.