News last week that dozens of high end U.S. Hotels have been subjected to attack by cybercriminals who installed malware on their payment processing systems to scam customers' names, credit card numbers, expiry dates and verification codes, might be shocking but can hardly be a surprise.
After all, one of the world's largest hacks, that of U.S. retailer Target, saw hackers stealing 40 million credit card numbers by targeting their point of sale equipment.
Our data is at risk and increasingly professional hackers target the connected devices we all rely on at home and in business, as they are often the weak spot in our cyber defenses extending our digital footprint even further into the web.
We trust a wealth of organizations with our data but it is hard for them to stop these sorts of attacks - especially if a third-party supplier maintains the payment systems. Companies (and to some extent ourselves) have to look at themselves as a criminal would. Taking an "attacker's eye view," businesses can identify potential cyber incidents, instances of sensitive data loss, and even which malicious actors might be watching them.
Data breaches are an all too common fact of business life today, either by nefarious actions of cybercriminals, or by accident by a 'well-meaning' insider. Whatever the cause, the effect can have a devastating impact on all of us and impact on a company's sales, reputation and profitability so it's vital we can identify the threat and shut it down quickly.
Social media, mobile computing and cloud services have changed the way we do business. But while we take advantage of the benefits these new technologies offer, many of us and the organisations we work for are unaware of how we look online to the world at large and to their would-be attackers.
As we operate in this digital world we leave behind a digital footprint - an electronic trail of activities. A subset of a digital footprint, a digital shadow consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary. A digital shadow can leave us and the organizations we work for and trust with our data vulnerable.
Adversaries are no longer merely watching networks and endpoints to determine how they will attack, but actively surveying digital shadows, identifying vulnerabilities and launching attacks. Organisations need new ways to protect themselves. Many firms use cyber-threat intelligence (CTI) which uses techniques borrowed from the military to better understand adversaries. This includes the analysis of data and vulnerability feeds, indicators of compromise (IOCs) and profiles of threats. This is important to do but still isn't enough. What's lacking is cyber situational awareness that provides a more holistic and specific view of threats and vulnerabilities relevant and specific to your organization.
Cyber situational awareness provides relevant and contextual insight, based on industry, company size and geography, to prioritize threat protection and policies, and administer takedowns, in order to mitigate harmful events. This is done by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark, and deep internet.
With better awareness of the threat environment and their digital footprint within it, businesses like these hotels might have a better chance of protecting valuable customer data, and their own brand reputation.