Identifying the Risks of Digital Data Exposure

Experts advise that one of the negative repercussions of a data breach is brand damage. Following a major headline-making cyber security incident, companies’ stock prices often fall, they may lose customers to competitors, and executives may be fired or asked to step down. While companies like TJX, Home Depot, and Target have bounced back after a breach (some to the extent that their stock prices and revenues are significantly higher today than pre-breach), the short-term impacts, especially financial ones, can be significant. For executives who’ve taken the fall for a breach, the consequences can be longer lasting.

But in the aforementioned breaches, much of the damage we’re talking about is to consumers’ personally identifiable and financial information. While identity theft is serious and injurious, the main result of each of these breaches was consumer frustration, not life-altering or life-ending events. That said, personal information in the wrong (or right, depending on your point of view) hands can harm careers. For journalist Jamal Khashoggi, spyware was reportedly used to track his location, part of his PII, resulting in his murder. If the latter example sounds extreme, (a) it is, but (b) real people do face real-life threats because they’ve been tracked online, doxed, or stalked.

Mitigate brand misuse

When I spoke with Dee Liebenstein, Chief Product Officer, and Annie Wacker, CMO, both at Terbium Labs, they recounted incidents where corporate executives had received death threats at their offices, at their homes, and via personal email addresses. While anyone can have enemies based on conflicting personal beliefs, what if you’re the personal target of a misinformation campaign? What if cyber criminals get hold of your corporate social media accounts and start blasting out hateful, hurtful things about your organization? What if personal details about your customers or employees are leaked online?

Today, it’s too easy for bad actors to inflict harm using digital data, and this is why Terbium Labs exists. Founded 7 years ago, Terbium offers a product that combines digital risk protection with brand monitoring and management. Initially the company focused on obtaining information from the deep and dark web, more akin to what we now think of as cyber threat intelligence. But Terbium evolved to complement traditional threat intelligence, covering an organization’s brand, employees, and customers rather than its systems and network data.

“We think about digital risk in terms of the exposure outside your network,” said Liebenstein, “and on systems over which you have no control, like social media or paste sites. We’re bringing awareness to that exposure and helping our customers identify and mitigate data loss, fraud, and brand misuse across the open, deep, and dark web.”

Data privacy, from collection to analysis

Terbium accomplishes this through its Matchlight software-as-a-service. When the customer logs in to the customer portal, Matchlight uses client-side JavaScript to convert private, personal data, including name, address, phone number, email address, social security number, and more, into salted, truncated SHA-512 hashes that become the data’s digital fingerprint. This process ensures that private data stays private, even from Terbium Labs. Only the digital fingerprint is sent to and stored in Matchlight, never the plain text data, which serves dual purposes for security and compliance.

Matchlight crawlers monitor the open, deep, and dark web, generating fingerprints of the data they find and matching them against the customer’s fingerprints (again, without exposing any of the data). When the technology finds exact matches, the findings are viewable through a custom dashboard, and administrators are alerted, given recommendations for remediation, and, when appropriate, offered takedown services by the Terbium Labs team. Importantly, while the data details are never exposed, Matchlight identifies the exact data elements discovered, right down to the field level. Admins not only know when a brand or domain is found, they also know which personal fields (name, email, address, social security number, etc.) were found for each employee or customer record, without the details ever being disclosed.

All of the above is automated, which anyone would expect of a modern technology, but Terbium complements automation with a human overlay. “Our analysts review what has been captured and analyze it for insights, correlations, and additional context that affects the risk score. They can then make recommendations and help customers prioritize response,” said Liebenstein. What the analysts look for, she said, is how particular combinations of exposed fields indicate particular types of threats.

For instance, if a match includes employer information, job title, and business email address, the threat is likely phishing. If Matchlight sees physical address information included in the collection, the threat may be doxing. If it finds multiple social media sites with the same company or brand name, but some of those pages are missing information or have inaccurate information, the threat classification is account impersonation or potential brand misuse, and the recommendation is account monitoring and/or takedown. If Matchlight sees customer or employee email address lists posted on multiple deep or dark web sites, the indication is likely a leak or breach.

Built for SMEs, usable by all

Companies of any size can use Terbium Labs to identify everything from credential harvesting to potential phishing and mis/disinformation campaigns, impersonation/fraud, social media account takeovers, or even physical threats against executives. In reality, larger companies are in a better position to monitor digital risk. However, one of the impressive things about Terbium’s solution is that it was built for the mid-market, companies with 500-5,000 employees. Of course it can handle larger companies’ data sets, but the team at Terbium put a lot of time and effort into researching the mid-market’s challenges in monitoring and managing digital risk, and developed a tool that is accessible even to small companies.

Pricing is quite reasonable, even for the all-in-one bundle, so there’s little excuse for ignoring this important area of risk. Though not a typical cyber security tool in the traditional sense, Matchlight can help companies of all sizes manage their digital risk more effectively and easily, and we recommend you give this area a serious look.