Underrated Risk Visualized
Terbium Labs recently published research regarding how businesses are estimating digital risks and threats against themselves. The research uncovered that businesses are actually underestimating these risks by ignoring the available facts on the ways, means, and impacts of data exposure. Download a copy of our infographic here, and get the full research paper from our research page in the resources library.
It is paramount for security professionals to be able to accurately determine their risk tolerance, identify risks targeted at their organization, and base security decisions on actionable data. Our research shows there is a definite disconnect in these areas.
We surveyed over 300 information technology (IT) professionals in the United States and Canada to better understand how businesses currently monitor and detect incidents of exposed data on the Internet, their current and future risks and the potential negative outcomes. This article takes a brief look at one shocking insight from the research, the disconnect in digital risk. You can read the full report here.
What Are The Disconnects in Digital Risk?
As mentioned above, our most recent research presents some shocking findings, such as the disconnect in digital risk – but within these larger finds are smaller insights that you can use to better inform your own digital risk protection plans.
Several disconnects were presented in the research report. We will briefly discuss two of these disconnects and their potential impact on business operations in this post.
Employee vs Customer Data
There also exists a disconnect between the valuation of employee vs customer data and what risks these data types pose to a business. The chart above shows the disparity in concern between employee and customer data of the same type. This is concerning due to the usefulness of employee data to cybercriminals. Employee credentials, for example, allow unauthorized access to your internal systems and allows bad actors to exfiltrate data from across your organization.
Organizations are also underrating the risks of exposure for both customer and corporate information – though the situation is arguably direr on the corporate side. When we asked the survey respondents to specify which types of customer data they believe could be at high risk of being exposed online, only 30% responded ‘debit/credit card numbers’. This is past alarming as Terbium Labs has identified hundreds of millions of stolen payment cards circulating in criminal markets and forums. This is a clear indication of the disconnect that exists between the reality and perception of digital risk. This underrating of risks results in unmonitored data, which become vulnerable, gaping holes in digital risk protection for your organization.
Why is There a Disconnect? How You Beat It
Though businesses and organizations at risk of data exposure are beginning to recognize the typical ways and means of exposure and compromise, they have stopped short of identifying the broader risks to business operations as a result of initial exposure. As a result, we are seeing organizations plan only for the initial fallout of data exposure instead of considering the longtail impacts on their reputation, shareholder value, or customer loyalty.
To beat the disconnect, you need to identify the disparities between perceived risk and reality within your organization. You can do this by remembering to Do-C-Do (no square dancing necessary).
Don’t Be Overconfident
Continuously monitor for threats against your data and your business and use the intelligence you gather to create action plans based on data instead of perception and opinion.
Consider The Longtail Consequences
Compromised data can be leaked hundreds of times, especially those that result from high-profile breaches. When considering the risks certain data types pose, you must also take a look at what bad actors can accomplish when using that information against you.
Don’t Ignore the data
Trends exist for a reason. They help you understand and give context to threats targeted at your organization, your digital assets, and your employees.
Get The Research
The research is clear though unnerving, we have to do more to align digital risk protection practices and perceptions with real risk mitigating strategies and reality.
Terbium Labs publishes research on digital risk protection and other topics in information security.