Hackers could exploit this information
The term “digital footprint” is frequently used in information security. It refers to all the records an individual or a company leaves on the Internet. Have you ever uploaded a resume to a site? Have you posted your birthday photos on Facebook? Have you ever published an article or created a new website? Each of these actions leaves a digital footprint.
For companies, the task of monitoring and tracing their digital footprints is even more complex. A company is the sum of its employees, and each worker has their own digital footprint. Following these “digital breadcrumbs” and connecting the dots between all these publicly available details can significantly extend a company's attack surface. This is how hackers use publicly available employee data to illegally access company systems.
What are digital footprints?
The number of public digital actions per person can reach millions. Depending on the age of the individual, some of these actions may have been taken years ago, when awareness of information security and enterprise data protection services was virtually nonexistent. Consider the following information:
- 45% of people publicly disclose their birth date
- 29% share their phone number on the Internet
- 20% share their address
- 14% mention their mother’s maiden name
- 7% share their social security number online
Each of these details presents some security risk on its own. But combining details about an individual, such as birth date, mother’s maiden name and address, and cross-referencing them with the numerous apps and services that offer public data about individuals on the Internet, allows attackers to create a very accurate profile of that person. This profile, combined with resources available on the dark web, could help a hacker impersonate someone and take advantage of their information.
For example, knowing a person's middle name and year and place of birth would be enough to locate and buy a social security number on the dark web. The hacker can then access corporate systems and divisions that request a social security number for identification.
Digital footprint management
Just as people should be aware of how they manage their digital footprints, companies need processes and tools to manage their own. A large company has numerous websites, social media accounts, servers, IP ranges, ASNs, databases, repositories, cloud storage servers and other Internet-facing assets. There are generally many more assets that the company does not know about, such as ad-hoc sites and services, temporary quality control environments (which often remain permanent) and all kinds of Internet-facing services that were probably created by former employees and have since been forgotten.
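One way to surface the forgotten assets described above, as an added example that is not part of the original article: reconcile hostnames observed from outside against the company's own asset register. The inventory, staff list, hostnames and the `review_footprint` helper are all constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the article): the company's asset register.
INVENTORY = {
    "www.example.com":     {"owner": "alice", "kind": "production", "expires": None},
    "qa-2019.example.com": {"owner": "bob",   "kind": "temporary",  "expires": date(2019, 12, 31)},
    "wiki.example.com":    {"owner": "carol", "kind": "production", "expires": None},
}
# Constructed: staff currently employed, e.g. exported from the HR system.
ACTIVE_STAFF = {"alice", "bob"}
# Constructed: hostnames seen from outside, e.g. from DNS zone exports or
# certificate transparency logs for the company's own domains.
OBSERVED = ["WWW.example.com.", "qa-2019.example.com", "wiki.example.com",
            "promo-old.example.com"]


def normalise(host):
    """Lower-case and strip the trailing dot so names compare reliably."""
    return host.strip().lower().rstrip(".")


def review_footprint(observed, inventory, active_staff, today):
    """Return {hostname: [findings]} for every observed host that needs attention."""
    findings = {}
    for host in sorted({normalise(h) for h in observed}):
        issues = []
        record = inventory.get(host)
        if record is None:
            # Internet-facing but unknown to the company: an ad-hoc or forgotten asset.
            issues.append("not in inventory")
        else:
            if record["owner"] not in active_staff:
                issues.append("owner no longer employed")
            if (record["kind"] == "temporary" and record["expires"]
                    and record["expires"] < today):
                issues.append("temporary environment past expiry")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    report = review_footprint(OBSERVED, INVENTORY, ACTIVE_STAFF, date.today())
    for host, issues in report.items():
        print(f"{host}: {', '.join(issues)}")
```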
As mentioned above, a company is the sum of its employees. While some people may try to separate their personal and professional “digital lives”, all of this information contributes to their digital records and can therefore be exploited as an attack vector against the company.
Consider the following scenario: a hacker uses LinkedIn to identify a company’s developers. Further research on these developers reveals their company email addresses (via SEO tools, or even through an open source article). This tells the hacker the naming convention of the company’s email systems (for example, name + last name, first letter of the name + last name @example.com, etc.).
The password can be discovered in several ways, for example through brute force, by investigating credentials leaked on the dark web (if the hacker is very lucky), or through other leaked passwords of that employee. If none of these tactics work, the hacker can search for leaked passwords from other employees, which gives a clue about password length and the company’s complexity policies and helps reduce the scope of the brute force attack.
The reality is that this scenario occurs often. The digital footprints that people leave on the Internet make it easier for hackers to bypass security systems. And while companies continue to impose stricter security policies each year, the human factor requires specialized training in enterprise data protection services. Companies need to find ways to monitor and reduce digital footprints so that hackers have less information to leverage to get into their systems.
Managing the digital footprints of your company and its employees requires constant effort. Web tools are constantly launched, and companies need their employees to keep up to date. However, growing Internet use generates larger digital footprints, which makes it easier for hackers to find key information for accessing company systems. Cleaning up your footprint is a necessary practice in today’s world, so companies must get in touch with specialists in enterprise data protection services so that they do not suffer bad security experiences due to the digital footprints left online.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.