If you’ve never heard of digital risk protection (DRP), that might be about to change: this type of service is increasingly promoted as the next big cybersecurity must-have.
DRP, also called brand risk protection (BRP), is about securing the parts of a company’s digital presence that fall beyond the remit of traditional cybersecurity. Traditional systems were built to protect networks, users, and data. DRP, by contrast, protects digital assets, of which there is an expanding number in the online era. An increasing number of these are relevant to owners of businesses of all sizes.
What a DRP service does, and the way it does it, could be incredibly useful depending on the needs of your organisation. In fact, many organisations already do aspects of DRP, although not always terribly effectively or efficiently.
Examples of Digital Risk Protection
Whilst there are many examples of Digital Risk Protection, below are some of the most common and most important:
Domain protection
Web domains have been targeted by typo-squatting attacks for many years – cyber criminals try to impersonate a company’s online presence using near-identical domain names. The usual response is to buy up similar-looking domains defensively, but this can be time-consuming and complex to keep on top of. A DRP service automates the monitoring of similar domains to allow early intervention.
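How the automated monitoring of similar domains described above can work in principle, as an added example that is not from the original article or any DRP vendor: it compares a feed of observed domain names against one protected domain. The domain names, the `CONFUSABLES` table and the function names are constructed for illustration.

```python
import unicodedata

CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}  # illustrative only

def skeleton(domain: str) -> str:
    """Comparison form of the first label (assumed registrable name; no Public Suffix List)."""
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- labels to Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    label = unicodedata.normalize("NFKD", domain.lower().split(".")[0])
    label = "".join(c for c in label if not unicodedata.combining(c))  # drop accents
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label.replace("-", "")

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent characters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalikes(protected: str, observed: list[str], max_dist: int = 1) -> dict[str, str]:
    """Map each observed domain that resembles `protected` to the reason it was flagged."""
    brand, hits = skeleton(protected), {}
    for domain in observed:
        if domain.lower() == protected.lower():
            continue  # the organisation's own domain
        label = skeleton(domain)
        if label == brand:
            hits[domain] = "identical after folding"
        elif osa_distance(label, brand) <= max_dist:
            hits[domain] = "near-identical spelling"
        elif brand in label:
            hits[domain] = "brand embedded in longer name"
    return hits

# Constructed feed standing in for a day's newly observed registrations (sample values only).
FEED = ["example.com", "examp1e.com", "exarnple.com", "exmaple.com", "exampl.net",
        "example-login.com", "exámple.com".encode("idna").decode("ascii"), "weather.org"]

if __name__ == "__main__":
    print(find_lookalikes("example.com", FEED))
```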
Phishing detection
DRP uses threat intelligence to give customers a heads-up on phishing campaigns targeting their brands that might otherwise go undetected, including those targeting their own employees and executives.
Social media and brand protection
This monitors a variety of social media platforms for hijacked accounts and for fake accounts impersonating a company’s brand. It also looks out for fake merchandise being advertised under a company’s brand or the abuse of trademarks.
Data leaks and breaches
A major hazard for organisations is when their customers have their account credentials stolen or leaked, leading to hijacking and fraud. This aspect of DRP monitors for these credentials on the dark web and Telegram channels, something few organisations currently do on their own.
Fake mobile apps
Fake mobile apps are a growing issue that can be difficult to spot until fraud has happened. DRP monitors third-party and mainstream app stores for lookalike apps.
Disinformation campaigns
Many people laugh off fake news, but disinformation and misinformation are becoming a problem for organisations in some sectors, with a 2019 study by the University of Baltimore estimating that disinformation now costs the global economy $78 billion each year. A prime recent example is the torrent of disinformation targeting pharmaceutical companies and vaccines during the pandemic. Other campaigns try to manipulate a company’s share price. DRP monitors these campaigns, giving organisations the ability to contain them.
How Digital Risk Protection Works
A big problem with countering digital threats is that it is often quite complex to do. For example, if an employee spots fake merchandise being sold from a lookalike domain, getting that domain removed can be a time-consuming process that involves liaising with police, trademark lawyers, and domain registrars over periods of weeks and months. Several different employees might be involved over time. DRP platforms promise to make managing this workflow, as well as knowing how to do it, much easier.
The Benefits of Digital Risk Protection
Another way to describe DRP is to say that it’s a way of monitoring a range of threats that organisations don’t know about because those threats target them indirectly. This makes it sound like glorified threat intelligence, and in a sense that’s true – DRP has emerged naturally from the threat intelligence boom of the last 10 years.
But perhaps more important is the way DRP allows people outside the IT department to take on the monitoring role. One of the reasons why many of the threats listed above are poorly detected and countered is that IT departments either don’t have the time to chase them, think it’s someone else’s responsibility, or don’t understand the risk they pose. They shouldn’t be blamed for this. The fact that phishing attackers have targeted an organisation’s social media brand is not necessarily an IT problem. Ultimately, it’s an issue for the marketing and PR departments that manage the organisation’s social media campaigns. By allowing non-IT people to access a DRP portal, the job of protecting digital assets is decentralised to non-technical people who have a better understanding of the problem.
Is All Digital Risk Protection the Same?
As the number of companies offering DRP has risen, the obvious question is what distinguishes one from another. Currently, there is no simple answer to that. DRP systems are presented as a single interface under which lie different platforms that combine threat feeds, machine intelligence, and manual processes. Some of these are based on primary DRP platforms (ZeroFox, RiskIQ, Digital Shadows, and others), but it’s likely others are custom-built. Most will be offered alongside other types of security-as-a-service such as managed detection and response (MDR).
Is Digital Risk Protection Right for My Organisation?
The premise of DRP is that companies must protect both traditional and digital infrastructure. Undoubtedly, this is true for larger businesses with lots of brand assets that might be targeted by cybercriminals. Depending on the sector, the case for SMEs and DRP is harder to make. Smaller organisations have less to attack and might depend less on digital interaction.
However, this might not be true forever. Cybercrime history shows that criminals eventually find a way to widen their net if it is profitable to do so. Probably the biggest threat here is disinformation. We already see examples of that in the way fake reviews are used to damage the reputation of small companies and even sole traders. If these review platforms become more important for attracting new business, it’s likely that the issue of disinformation will get a lot worse.
Protecting Your Organisation From Cyber Threats
As part of the Amtivo group, British Assessment Bureau is able to provide a wide range of solutions to help organisations to protect themselves from a wide range of cyber threats. From low-cost e-learning courses to Cyber Essentials and ISO 27001 certification, we offer solutions that are designed to help organisations provide comfort to their stakeholders that cyber security is taken seriously. Meanwhile, for those organisations that need extra support or guidance, group company Ascentor can provide cyber expertise at all levels from SME basics to multi-national, high-risk industries.
