
Nicole IbarraNovember 24, 2020
2020 Digital Risk Checklist
Online attacks have grown significantly in the last year. We identified some of the key areas to consider and provided information that can help your organization ensure a secure digital experience for customers.
Throughout this blog, we provide insights related to targeted attacks – and how to protect customers, employees, and ultimately your organization against:
- Phishing
- Malware
- The Deep Web and Dark Web
Knowing how to tackle threats can seem complicated, but it doesn’t have to be. Below we’ve provided a checklist with added insights to help you better position your organization.
PHISHING
It’s safe to say that phishing isn’t going anywhere and continues to be a significant area of concern – as it tends to be the start of many cyberattacks.
- Nearly one-third of all data breaches involved phishing in one way or another. [1]
- A new phishing site launches every 20 seconds.[2]
Based on Appgate’s global incident reporting [3] , there has been a 349% rise in users victimized by phishing when comparing Jan – Oct 31st, 2019 to Jan – Oct 31st, 2020. Our security analysts attribute this increase to the COVID-19 pandemic, which provided the perfect opportunity for fraudsters to cast a wider net.
How can you prevent phishing from impacting your organization?
PHISHING CHECKLIST |
INSIGHTS & SUGGESTIONS |
|
![]() |
Implement a phishing takedown solution |
Have a proactive phishing takedown solution to ensure timely detection followed by takedown or blacklisting of malicious sites. |
![]() |
Pinpoint impacted customers |
Ensure that your anti-phishing solution provides some visibility into which customers were impacted by an attack so that you can take action before any damage is done. |
![]() |
Establish an abuse box |
An abuse box is essentially an email address where customers and employees can send suspicious findings. Added visibility is always a plus. |
![]() |
Proactively educate customers on phishing |
Ensure they know what to look for when identifying a phishing attack, and how to report it. |
![]() |
Take action on customer and employee reported phishing |
Quickly mitigate the potential impact to your organization. |
MALWARE
Login and transactional webpages are a target for hackers to obtain credentials and sensitive information from your customers using malware. Hackers leverage different forms of malware and use it to inject sensitive browsing sessions with the intention of tricking a customer to enter their credentials.
Fraudsters have also been delivering malware through “virus-tracking apps” or sensationalized news reports related to COVID[4] .
Lastly, Ransomware has been on the rise in 2020With the COVID pandemic, hackers have more recently targeted hospitals breaching sensitive data during a crucial time. [5]
How can you protect your organization against targeted malware?
MALWARE CHECKLIST |
INSIGHTS & SUGGESTIONS |
|
![]() |
Protect sensitive webpages from malicious injections |
Since it’s impossible to control your customer’s devices, visibility around web injections is key. This helps to identify which customers were potentially impacted, and when the attack was launched. |
![]() |
Malware attack response plan |
Create an action plan and test it quarterly to ensure that your organization is ready to react in case of a targeted attack. |
![]() |
A strong anti-phishing strategy |
It doesn’t just protect against phishing – nearly 65% of ransomware attacks are delivered via phishing[6] . An anti-phishing strategy is beneficial in preventing ransomware attacks. |
![]() |
Continue to stay ahead of malware trends |
There are great resources that help you stay ahead of new malware so that you can better position your organization. This ransomware flashcard gives an overview of the latest ransomware statistics. |
DEEP WEB AND DARK WEB
The dark web continues to be a huge marketplace for sales of compromised credentials and sensitive information.
- 60% of listings on the dark web had the potential to harm enterprises[7].
- 15 billion stolen logins are circulating across the dark web, stemming from 100,000 breaches[8]
Many organizations have sensitive information already exposed somewhere across the dark web. What’s most important is extensive visibility across the internal channels that are within your control and to proactively respond when data is discovered.
How can you prevent damage from potentially exposed information?
DEEP & DARK WEB CHECKLIST |
INSIGHTS & SUGGESTIONS |
|
![]() |
Visibility into leaked information |
Ensure that you have a solution which reports compromised credentials, and leaked documentation that is exposed across the deep web and dark web. |
![]() |
Have a password policy in place |
Ensure that employees and customers create challenging passwords and update them within a certain timeframe to avoid account takeover. |
![]() |
Phishing protection against credential harvesting |
It all comes back to phishing. Data breaches and account takeover are typically a result of previous phishing campaigns, or other targeted attacks. |
![]() |
Strong authentication |
Implementing multi-factor authentication is a crucial factor in protecting against account takeover caused by exposed information. Challenging login attempts based on contextual data is key in preventing damage. |
Protecting your organization against these threats will help ensure a secure digital experience for customers. It’s important to highlight that although these three areas seem different, a strong anti-phishing strategy and customer/employee education are key elements that make a difference in defending your organization.
If you’re interested in learning how Appgate can help you check some of these items off your list, please click here.
[1] https://enterprise.verizon.com/resources/reports/dbir/
[2] https://www.cybersecurityintelligence.com/blog/popular-types-of-phishing-emails--5017.html
[3] When comparing 2019-2020 across the Appgate customer base, there was a rise in user’s victimized by phishing by 349%
[5] https://www.cnn.com/2020/10/28/politics/hospitals-targeted-ransomware-attacks/index.htm
[6] https://www.idagent.com/blog/whats-behind-the-huge-rise-in-healthcare-data-breaches/
[7] https://www.techradar.com/news/how-to-keep-your-information-off-the-dark-web
[8] https://www.wired.com/story/dark-web-credentials-roger-stone-blueleaks/