LONDON, UK – Nov. 7, 2017 – RiskIQ, a leader in digital threat management, today announced that the company believes that its approach to automating attack surface reduction and targeted attack protection aligns to technical guidance offered in Forrester Research’s new November 2017 report, “Assess Your Digital Risk Protection Maturity.” To address the increase in web, social, and mobile external threats, the new Forrester Digital Risk Protection Maturity framework was designed to help enterprises identify gaps and next steps toward mitigating digital risk with the appropriate oversight, people, process, and technology.
The Forrester report asserts that too many companies are underprepared and ill-equipped, with major strategic and operational gaps in their digital risk protection (DRP) efforts. In large part, this is because:
– Digital business is intensifying risk faster than companies realise. As digital footprints expand, organisations suffer increasingly severe brand, cyber, and physical risk events that disrupt business and strain customer relationships.
– Security and risk teams underestimate their own digital risk exposure. Security teams neglect their external digital brand presence and critical digital assets, concentrating instead on more traditional security functions like network, data, and device security.
– Poor data access and risk analytics create blind spots. Major visibility gaps persist at even the largest companies, and the consequences for poor digital risk visibility can hit companies hard.
– Lack of accountability leads to disjointed processes and ineffective response. Ownership of digital risk management is split among multiple teams (marketing, legal, security, risk, fraud, etc.), if it’s in place to begin with. This can cause operational gaffes 
According to the Forrester report, “From massive botnets to frequent account takeovers, brand impersonations, and continued weaponisation of social, mobile, and web channels, security and risk pros are inundated with new digital risks. Rapid proliferation of digital channels generates a massive, chaotic digital footprint, a burgeoning digital attack surface, and diminished control to protect critical digital assets and channels.”
Forrester says that a company’s “digital risk protection objectives must shift to address digital risk from prevention to detection and response.” The three steps to achieving this include:
– Map the firm’s external digital footprint. To make sure you’re covering the entire breadth of your company’s digital risk, you’ll have to discover every external digital touchpoint, mention, and affiliation linked to your company, products, assets, and people.
– Monitor for indicators of attack, compromise, and abuse. Once you know what your legitimate digital footprint is, you can begin to monitor digital risk.
– Mitigate risk events by initiating response plans, takedowns, and remediation. When a digital risk event is detected, take swift action based on the type of digital risk you’ve discovered. 
Among the four digital risk protection capability domains referenced in the report, Forrester notes: “Technology enhances techniques to analyse data and automate mitigating actions. This domain describes the technical capabilities to access, aggregate, and analyse data from disparate digital channels and other sources to discover and monitor a firm’s digital risk exposure. It also details the capabilities to detect, measure, and mitigate digital risk events using advanced risk analytics and process automation.”
In Q2 2017, RiskIQ research revealed:
- 32.6% increase in phishing-related advertisements compared to Q1
- Nearly 90,000 newly observed blacklisted mobile apps compared to Q1
- 39,320 unique phishing domains against 316 targeted brands
- 1,978.9% increase in redirections to phishing pages
- 845.9% increase in scam detections
- 22% increase in malware binary injections
- 58.1% increase in scareware and browser lockers
RiskIQ helps organisations accelerate technical capabilities and progress their digital risk maturity through its enterprise-class Digital Threat Management Platform – a SaaS-based threat intelligence and integrated application suite that addresses broad digital risks across web, social, and mobile channels. RiskIQ provides the insight, automation, and protection needed to understand digital footprint exposures, expedite threat investigation and monitoring, and pre-empt and protect against targeted external attacks.
“Cyberthreats, data privacy and business reputation have reached the boardroom where the CIO must demonstrate due diligence and investment towards reducing digital risk. Operationally, this means empowering security with resources and capacity to execute a digital threat protection strategy,” said Lou Manousos, CEO and founder at RiskIQ. “RiskIQ extends security outside the firewall by delivering the insight and automation necessary to efficiently identify, understand, and protect against external threats.”
 Forrester Research, Assess Your Digital Risk Protection Maturity, Nick Hayes, Chris McClean, Trevor Lyness, November 2017.
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter.
+44 (0)203 861 3816