In the digitalized world we live in, data is the new currency and the driver for all businesses. This change in the business landscape presents new risks and threats to be remediated. We provide tools for individuals, companies, governments and law enforcement to discover their exposure and mitigate the risks identified. We publish the Cyber Exposure Index, which is the first step in this remediation and mitigation process: it identifies existing threats and makes them transparent.

We have witnessed that exposure affects us all in many different ways. For example, passwords leaked from a third-party site may lead to compromised systems in another company, as up to 80% of people will reuse their password as is. Likewise, being a company on a target list leads with almost 100% certainty to web application attacks and DDoS attacks.

 

Common exposure types

Sensitive disclosure

Sensitive information is typically regulated by laws and policies and should never be stored on your computer’s hard drive, on a portable device, or sent via email without proper authorization. Typical sensitive information consists of internal emails, discussions and confidential matters, such as business plans, company valuations, and trade secrets. The disclosure of sensitive information can result in identity theft, regulatory fines and civil as well as criminal penalties under federal and state statutes.

Exposed credentials

Exposed credentials are usernames, passwords and their combinations, tokens, or other identifiers that enable access to restricted systems. Because of password reuse attacks, exposed credentials are the most popular way by which hackers gain access to a system. This information can come from breached systems or information leaks, the content of which might be available for free or for sale. In many countries, the law requires organizations to notify individuals whose credentials have been breached.

Hacker group targeting

Hacker groups such as Anonymous are loosely associated international networks of activists and hacktivists. They organize attack campaigns that begin with a published manifesto, a statement explaining the reason for the attack, followed by target lists and communications about performing the attack. When hacker groups target organizations, this indicates an intentional attempt to break into their systems or to perform denial-of-service attacks that cause downtime for critical systems. Whether attack groups are successful or not depends on the target organization’s security posture and the participating hacktivists’ skills and tools.