As virtual footprints of organisations have continued to expand multi-fold during the coronavirus pandemic, instances of carding, data exposure, and hacktivism have escalated to become the highest rated digital risk categories in 2020, impacting almost all major industry verticals in the Middle East region, the first ever Digital Risk Protection report by Help AG, the cyber security arm of Etisalat Digital, has revealed.
Carding
Help AG’s security analysts saw a 500% jump in risk alerts for carding from January to June 2020 compared to the same period in 2019. Carding refers to the trafficking of credit cards, bank accounts, and other personal information online. The massive five-time increase in carding alerts was observed through scans of public sources including information sharing platforms and deep web sources with data compiled by botnets and underground markets. Findings comprised all possible details including recovery date, BIN code, card number, card expiry, source, card brand, card type, issuing bank, and country of the issuer. The top impacted sectors include aviation, logistics, and retail.
Data Leak or Data Exposure
During the initial months of COVID-19, Help AG’s security analysts witnessed a staggering 3X (183%) jump in threat alerts related to data exposure. Data leakage refers to the intentional (malicious intent) or unintentional (human error) exposure of confidential documents, corporate emails, and documents with sensitive metadata on official channels of an organisation and the dark web for subsequent unauthorised use and exploitation for malicious purposes. The alarming increase was identified as a result of continuous monitoring of documents and file repositories on information sharing platforms, official portals of organisations, and the dark web through Help AG’s Digital Risk Protection service. The top impacted sectors include healthcare, government, aviation, logistics, retail, and energy and utilities.
Hacktivism
Help AG’s security analysts observed a nearly 50% increase in hacktivism risk alerts following analysis of monitored hacker groups’ advertisements on social networks (hacktivist profiles and groups), media (local, sectorial, and syndicalist), petition and signature platforms, information sharing platforms and manifestos (pastes). Hacktivism is an open challenge among cybercriminals to take down a normal business by causing disruption. The top impacted sectors include healthcare, government, aviation, logistics, retail, and energy and utilities.
For organisations, the biggest impacts of these major digital risks range from service disruptions to exposure of private information intended for confidential use for future business goals, loss of reputation and trust established with customers and partners, inability to ensure compliance against regulatory requirements, and ultimately a dent in the success of digital transformation initiatives. It is important to note that the risks affect a wide audience of stakeholders from board and executive management levels to legal, marketing, risk, compliance, governance, and operations.
To help address these challenges, Help AG’s Digital Risk Protection service, under our Managed Security Services, safeguards organisations’ brands from misuse whilst protecting social media and digital channels from business risks and security threats. The service offers a comprehensive solution against external cyber threats, covering the entire life cycle from early detection to final resolution. In order to further protect customers, Help AG has also activated a “Special COVID Monitoring Plan” that includes a combination of special keywords with the aim to detect any mentions of its customers as well as detecting changes in the tendencies of posts on social media.
“The impact of the pandemic is very clear as we compare risk alerts with the corresponding number of alerts in 2019 in our first ever Digital Risk Protection report,” Stephan Berner, Chief Executive Officer at Help AG, said.
“These high rated threats are an unfortunate reality of the COVID-19 era, hence knowing and guarding against your enemy is now more important than ever before. At Help AG, the leading cyber security provider in the region, we are fully geared to manage digital risks for our customers and ensure a secure but sustainable digital presence in the cyber world. Our report details the various risks organisations must be aware of as well as all aspects of digital risk protection covering proactive identification, validation, response, and remediation. The risk management cycle is never ending but remains critical for business continuity.”
Nicolai Solling, Chief Technology Officer at Help AG, added, “Digital Risk Protection is all about managing risks related to an organisation’s cyber exposure. It is about proactively being aware of what is being planned against an organisation and taking remedial actions. This is entirely different than the function of an organisation’s security applications and infrastructure. For instance, what would be the role of a bank’s firewall if information about its customers’ credit cards are traded on the dark web? Or can an organisation’s content filtering gateway tackle a campaign planned against it by Hacktivist groups? At Help AG, we track and manage varied categories of digital risks, which is a unique capability wherein we proactively identify and ultimately remediate these risks before they can have a critical impact on organisations.”
Discussion about this post