How to Determine Your Company's Cyber-Exposure Profile | eWeek

How to Determine Your Company’s Cyber-Exposure Profile

2
Jun 29, 2015
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


How to Determine Your Company’s Cyber-Exposure Profile

How to Determine Your Company's Cyber-Exposure Profile

By Chris Preimesberger


Business Analysis

Business Analysis

Building a cyber-exposure profile should include Internet searches for vital company information that has become public, such as financial statements; documents that should be under a nondisclosure agreement (NDA); and information that can be used in social engineering.


Social Media Analysis

Social Media Analysis

Companies should perform bulk analysis of social media platforms to discover oversharing or unauthorized disclosure of sensitive or exploitable information, or actual threats from internal or external sources.


Data Leakage Analysis

Data Leakage Analysis

Scan and analyze file sharing services for unauthorized copies of software, software keys, employee records and security credentials. Do security team members participate in forums and pose questions to security problems, or share how they have solved certain problems?


Advertisement

Domain Analysis

Domain Analysis

Do similar domains and spoofed sites exist that could trick your customers or employees? Security teams must sort through various domains, using accurate URLs as well as common misspellings and typical replacement characters, such as using the numeral 1 in place of the letter L or 5 for the letter S. This type of intelligence is important for identifying potential social engineering attacks and spoofing attacks aimed at an enterprise’s customers.


Network Services Discovery

Network Services Discovery

Organizations should scan to identify each of the active IP addresses and service components that are connected to the Internet and publicly accessible.


Vulnerability Assessment

Vulnerability Assessment

This portion of the process should include a thorough scan that searches known bugs, open-source vulnerabilities and malware. It should also identify any cloud-based files, scanning for the same. While this scan is something that many organizations do on a regular basis and is by no means an all-around security solution, it is an important step in building a complete cyber-exposure profile. BAE Systems Applied Intelligence, Kroll Ontrack, Mandiant, FireEye and Nettitude are among key suppliers of this service.


Social Engineering Assessment

Social Engineering Assessment

Determine if users are too susceptible to common social engineering techniques that would allow an attacker to compromise a user’s system and gain access to the internal network.


Advertisement

Threat Intelligence Review

Threat Intelligence Review

A company can use cyber-threat intelligence to identify likely threats against its industry/sector/region and even threats against the company itself. Has the company already caught the attention of attackers? Once this question is answered, all of the information found can produce a prioritized threat assessment.


Attack Assessment

Attack Assessment

Based on all of the information gathered, companies should think like an adversary and look at all of the potential vulnerabilities using a holistic view to identify how, given this information, cyber-criminals are most likely to gain access to their network.


Understand Your Cyber-Exposure Profile

Understand Your Cyber-Exposure Profile

Without visibility into what cyber-criminals can learn from your cyber presence, you can’t effectively protect against the threats posed to your organization. Conducting a thorough cyber-exposure profile will enable you to understand your cyber-exposure through the eyes of a would-be attacker and examine your security strategy through a different lens.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.