Is Your Digital Footprint Making You Prone To Attacks?
TitanGrid was founded by a group of cyber security classmates who decided to combine their skills in technology, sales and law to provide a social assessment mechanism that helps businesses and individuals reduce their digital footprint. In this article I've interviewed CEO Aleks Koha to find out what it is that makes certain people particularly prone to attacks, and what they can do about it.
TitanGrid first started as a social engineering penetration testing service in Estonia, but we soon realized that Estonia was not the best market for it, so we decided to create a reporting system that would allow users to become aware of their digital footprint. With Joseph Carson as our strategic advisor, we developed a tool that answers the need of the hour by helping companies tighten their security from the ground up.
Our digital footprint discovery tool helps organizations to uncover individual risks posed to their employees and team members. As a direct result, those individuals also benefit on a personal level. They can see what information about them is out there, and often discover things they didn’t even know existed. We help them cover their tracks and remove whatever trails they left which are no longer needed.
Looking at statistics, which corporate roles have the largest digital footprints and why?
We've been doing a lot of demos and surprisingly, every time we put people in our system we realize that IT professionals and security people have the biggest digital footprints; half of them haven’t changed their passwords in the past year; others never changed them at all; and many of them use the same passwords over and over again.
How does your activity coincide with employee privacy?
The process works in the following way: when a company first comes to us, they give us a list of their employees and their emails. The employees are then notified that they have to opt in and give their consent for us to start doing our work. Consent is given by logging into our system with their social media accounts, which gives us the initial information about them. We then feed that information to open source intelligence tools, which dig deeper to gather more data and discover what other information about them is out there. The individual sees all of that data, so if there's anything specific they don’t want their employer to see, they can turn it off in the settings to maintain their privacy. For the most part, employers would only see the high-level risks that concern them as a company. We put great emphasis on respecting individual privacy.
What's a social engineering attack?
Social engineering attacks are sophisticated attacks that exploit the fact that the human is the weakest link. Largely it's hacking human lives via phishing emails or location tracking for different purposes.
Exploiting people's inclination to place excessive trust is a common tactic employed by malicious actors. As an illustration, imagine receiving an email adorned with the PayPal logo and clicking on the link simply because you trust PayPal. However, unbeknownst to you, hackers have taken advantage of your trust in PayPal to deceive you into downloading malware.
What would you advise to people seeking to reduce their digital footprint?
It's all about awareness. Once you know what kind of attacks are out there, you can better anticipate them.
People with a high digital footprint, like online marketers, should be aware of how much info they leave online because it can be used against them. However, the kind of information that gets people hacked usually comes from things you're not aware of, like old MySpace accounts that you didn't even know existed. In addition, because many people use the same passwords over and over again, one data leak is enough to get all of their accounts exposed.
In your opinion, what actions should the authorities take to minimize public exposure to cyber risks?
Minimizing the risks has a lot to do with education. Even security professionals who are well aware still get affected, so average users are bound to get hacked. The way I see it, this kind of knowledge should go through the school systems.