05 Oct A guide to digital footprint: Discovery, Mapping and Scoring
Just as humans can be tracked or identified through the biological traces we leave behind, our online presence also leaves traces that can be tracked and used to identify us. Whatever we do on the internet, be it browsing, shopping, sending mails and messages, or connecting with friends or family, leaves a digital trail that can be used to determine our location, interests, and preferences. This is a serious concern for businesses and individuals alike, as digital footprints, or traces, are large, difficult to hide, and cannot be erased completely. These footprints can make an organisation's or individual's information easy to trace and track, and can also make it a target of a cyberattack. This problem has led to the creation of a new cybersecurity branch known as Digital Risk Protection Service (DRPS). The threat can also be averted by mapping your footprint across internet-facing infrastructure, a process known as digital mapping.
What is a Digital footprint?
A digital footprint is the data that is left behind when users have been online. Broadly, users leave two types of footprint: passive and active. A passive footprint is made when the user's data and online activities are traced or collected without their knowledge. An active footprint is made when users themselves provide data online. For an organisation, a digital footprint is like a map of all the external digital assets that the organisation owns. It shows how an outsider, or more specifically an attacker or cybercriminal, views the assets and network ecosystem. Reviewing the digital assets from the outside gives you a vantage point from which to identify potential loose ends, gateways, and entry points that organisations quite often ignore or inadvertently overlook while focusing only on the inside. Digital mapping allows the organisation to review the security system, seal exposed gateways, and reinforce weak points. Digital footprint mapping also shows the connections and pathways your digital assets make with the internet and the outside world in general.
Importance of Digital footprint mapping
The digital footprint of an organisation is basically an external view of the digital assets outside the organisation's network perimeter. These outside assets can become an attack vector for criminals to launch an attack on the organisation's internal security system. As companies evolve, they adopt new technologies to deal with complex and evolved attacks from cybercriminals, which in turn provides a larger surface area to attack. Solutions like antivirus, firewalls, and secured gateways do not constitute the entire security system. Organisations are often so involved in and focused on the internal security infrastructure that they fail to check beyond their internal network perimeter, which includes the vendor network as well. This results in neglect of the threat landscape that lies beyond the firewalls and internal perimeter.
Third-party stakeholders and vendors often access critical internal information such as financial records, customer data, business data, and research reports in order to integrate their systems seamlessly and efficiently. A vendor's security system also requires regular software patches, proper configuration, and updated security surfaces to build and maintain a robust security system. If this outside surface area is ignored or neglected, attackers can mount an attack on the vendor's system, then move laterally to the internal security perimeter of the organisation and compromise the internal systems as well. As more and more businesses go online, organisations are leveraging their third-party vendor relationships like never before to support their low-overhead objectives.
Digital footprint mapping helps the organisation understand its external digital asset system and monitor the pathways and connections between different systems, which increases visibility and helps in determining threats and weaknesses beyond the internal perimeter. Some of the threats visible or detected through digital footprint mapping are:
- Vendor software programs
- Broken links
- Web applications
- Third party assets
- Mobile apps
- E-commerce assets
Working of Digital footprint mapping
There are three steps involved in digital footprint mapping. The primary objective of the mapping process is to identify and catalogue the external digital assets and entry points that a threat actor can exploit to get into the internal network system.
Once all the entry points and assets are identified, the connections between systems, their pathways, and their end points are mapped out.
Finally, each vulnerability or risk identified is graded with a criticality score so that the recovery and remediation process is prioritised and efficiently distributed.
The three phases are:
Discovery: The first step is to discover and identify all the digital assets that face or are exposed to the public domain and the internet. These include:
- Cloud networks
- Open ports
- Third party vendor applications and interface
- Websites and apps with external domains
- TLS certificates
- Data APIs
Any data or asset that a threat actor can find online regarding the organisation is part of the digital footprint, and anything that is part of the digital footprint can constitute an attack vector. Entry points, gateways, and domain subsidiaries should be scanned regularly to discover vulnerabilities. The security team should seek out and check every bit of data exposed online, no matter how harmless it seems. Third-party vendor networks should also be included in the discovery phase, as they could lead to third-party breaches. Discovery also detects fake infrastructure, imposter accounts, and assets that are no longer used by the organisation but can still be an attack vector.
Mapping: Now that the team has discovered assets and established network connections, the mapping process has to be implemented to make sense of the data. The assets and the connections between them should be mapped. It is a known fact that threat actors and criminals spend an ample amount of time on discovery and mapping and then look for vulnerabilities in the connections. The organisation should adopt the same criminal mindset and detect vulnerabilities and potential entry points through mapping. The connections and vulnerabilities can then be represented graphically through network diagrams. These can be simple charts that are easy to read and make possible avenues of attack easy to spot. Threat models such as attack trees can represent connections and vulnerabilities effectively. Efforts should also be made to map the connections and vulnerabilities of third-party vendors, however difficult and illegitimate that may be.
Scoring: Once the vulnerabilities and their connections are identified and mapped, each vulnerability should be assigned a vulnerability or severity score so that efforts are prioritised and distributed and the most severe vulnerabilities are addressed first. This keeps the damage impact to a minimum before remediation is completed. To make the response process even more effective and efficient, the vulnerabilities should be divided according to the risk appetite score. The three categories are:
- Acceptable risks
- Tolerable risks
- Unacceptable risks
These risks will impact the security score, so it is important to understand the differences between them in order to calculate a proper security score. The scores can either be calculated manually or the process can be entrusted to a dedicated third-party organisation.
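
The three phases above can be run end to end on a small inventory. The following is an added example, not part of the original article: it takes a constructed list of discovered assets, the mapped connections between them, and a few findings, then scores each finding and sorts it into one of the three risk categories. All asset names, severities, the scoring formula, and the category thresholds are assumptions chosen for illustration.

```python
from collections import deque

# Discovery output (constructed sample; every name here is hypothetical).
EXPOSED = {"www.example.test", "api.example.test",
           "vendor.example.test", "legacy.example.test"}
INTERNAL = {"billing-db", "hr-fileshare"}
# Mapping output: directed edges "source can connect to target".
LINKS = [("www.example.test", "api.example.test"),
         ("api.example.test", "billing-db"),
         ("vendor.example.test", "billing-db")]
# Findings to score: (asset, issue, base severity 0-10), constructed.
FINDINGS = [("legacy.example.test", "expired TLS certificate", 3),
            ("vendor.example.test", "unpatched vendor software", 6),
            ("www.example.test", "broken link", 2),
            ("hr-fileshare", "open port", 5)]

def reachable(start):
    """Every asset reachable from start along the mapped connections."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in LINKS:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def has_external_path(asset):
    """True if the asset is exposed or downstream of an exposed asset."""
    return asset in EXPOSED or any(asset in reachable(e) for e in EXPOSED)

def score(asset, severity):
    """Assumed scheme: +2 per internal asset behind the finding (cap 10);
    a finding with no path from the internet is halved."""
    if not has_external_path(asset):
        return severity // 2
    return min(10, severity + 2 * len(reachable(asset) & INTERNAL))

def category(value):
    """Assumed risk-appetite thresholds for the three categories."""
    return "unacceptable" if value >= 7 else "tolerable" if value >= 4 else "acceptable"

def prioritise():
    """Findings as (asset, issue, score, category), highest score first."""
    rows = sorted(((a, i, score(a, s)) for a, i, s in FINDINGS), key=lambda r: -r[2])
    return [(a, issue, v, category(v)) for a, issue, v in rows]

if __name__ == "__main__":
    print(*prioritise(), sep="\n")
```

The vendor finding outranks the others because the mapped connections put an internal system directly behind it, which is the reason the mapping phase comes before scoring.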