August 23, 2022
Every online action you perform involves sharing a bit of data – over time, that data can add up.
Successful organizations and influential people rely on the public Internet to promote their brands, ideas, and products. A significant amount of time and energy goes into building a brand, and most of it is spent online.
However, every activity performed online involves exchanging some data. That includes social media posts on your public-facing accounts, activities your employees take on your behalf, and even third-party applications that automate high-volume workloads for your business.
These actions leave a trail of data and metadata called a digital footprint. It can include websites visited, geolocation data, advertising preferences, and much more.
On its own, a single piece of digital footprint data is harmless. However, if threat actors gather enough of this public data, it can significantly expand their capabilities. Information security leaders need to pay close attention to the way their organizations expose this kind of data to the public.
What Kind of Data is Included in a Digital Footprint?
Digital footprint data comes in two broad categories:
- Active digital footprint data refers to data that users deliberately share about themselves. Social media is the most obvious source of active footprint data, but online forms, content subscriptions, and even accepting cookie policies all count as well.
- Passive digital footprint data includes information gathered on users without their awareness. This can include anything from device-level metadata to a user’s IP address or advertising preferences.
Taken altogether, these different pieces of data can form convincing images of users themselves. It’s not a coincidence that many cybersecurity detection tools work by analyzing passive footprint data and looking for anomalous behavior.
Digital Footprint Data Provides Threat Actors with Context
Cybercriminals are aware of the kind of data that detection-based cybersecurity tools analyze and can use digital footprint data to improve their attack strategies. Social engineering attacks are particularly well-suited to this kind of context.
For example, imagine your organization’s CEO is a member of a local golf club and posts regularly about it on social media. An attacker may decide to spoof the golf club’s website, send a special members-only phishing message to the CEO’s email account, and successfully compromise an executive email account – a major breach.
The more digital footprint data an attacker has, the more realistic and convincing their spear phishing scenario can be. A sophisticated attacker can find and use many different data points to prepare for this kind of attack, like what kind of mobile device the target uses, the names of friends and family members, and much more.
How to Protect Digital Footprint Data in an Enterprise Environment
Reliably protecting an individual’s digital footprint is challenging enough – doing the same for an entire organization borders on the impossible. Information security leaders need to take a multi-layered approach to adequately protect users from data-enriched attack tactics.
- Explain privacy policies in full. Cybersecurity impacts every role in the organization, from the mail room to the board room. Security leaders need to make sure that every employee understands the purpose and extent of data security and privacy policies.
- Avoid linking social media accounts to third-party websites. Social media platforms thrive off digital footprint data. Some platforms and services use this data responsibly, while others are less judicious about how public user data is collected and used.
- Use egress filtering to protect valuable metadata. Egress filtering lets organizations control the data that flows out of their network. By limiting this flow of data, you can prevent attackers from learning about how your network is structured, or what kinds of devices exist on it.
- Invest in customized UEBA technology. User entity and behavioral analytics can reliably detect compromised user accounts, but only when properly configured. Custom rulesets enable UEBA tools to look for indicators of suspicious activity that are unique to the organization’s risk profile and its user base.
Conduct a Review of Your Organization’s Security Posture
Digital footprint data rarely makes itself known. It is not often the focus of routine security checks or even intensive audits. Enlist Castra’s help to review the way your organization – and its most visible employees – interact with the public internet and deploy a multi-layered security solution that can protect your systems from attackers who may use their information against them.