Digital Reputation: Can’t Buy it, Gotta Earn It

[steven36]

Can’t buy it, gotta earn it, as the old saying goes. With a few short searches, it is easy to find tweets that have had a significant impact on the reputation of institutions, police departments, online ecommerce properties, and corporations in 2014.

Whether it is a political statement, cultural difference or negative public review exposing competitive weaknesses, I think we all agree that bad news travels fast.

Does this same digital reputational reality exist in the physical world? Yes it does. The mileage and distribution may vary, but, for the most part, cyber can be compared to physical world reputations.

Years ago, before the Internet, if fraud was detected on a credit card, the card was blocked by merchants and banks. Going back further, in the 1800’s, the ultimate cost of negative reputation could include death by hanging for stealing a horse.

So, does a tweet of today compare to a “Wanted Dead or Alive” poster from yesteryear?

Today, the success and failure of many corporations can be placed on their online reputation. The security breaches of 2014 will become the justification of increased intensity on reputation.

Reputation is assigned to an IP address, online identities, physical identity and elements of online presence throughout the Internet to help determine good, neutral and bad actors.

An example of negative reputation would be if the IP’s of a corporate or personal website were to be compromised by hackers using known vulnerabilities with a goal to distribute malware, the end result could be that the site is flagged by web reputational services such as Google Safe Browsing.

Cleaning up the situation and reinstating the online presence of a company can be difficult, time consuming and, in some rare cases, irreversible.

As mentioned, in some rare cases, negative reputation is irreversible and the result is permanent. For example, in 2003, Microsoft recommended that TCP Port 135 be blocked due to the Blaster Worm, and in 2004 it went further with a blocking recommendation to include other ports.

At the time, Internet Service Providers (ISPs) as well as large enterprises took significant measures to protect their consumers and networks from certain disruption by the rapid spread of these network-borne viruses.

Today, a decade later, Port 445 continues to lead targeted attack vectors according to Akamai, and security infrastructure from home networking equipment to firewalls have built-in firmware to protect against these persistent threats.

The reputation of IP’s, domains and other supporting elements of one’s online presence directly translate against their bottom line. In fact, many industries have been built in the past 15 years just to track reputation and potential sources of negative impacts to the online presence of corporations.

Conversely, a consistent positive reputation can have a durable outcome as proven with brands like Facebook, Google and Apple with their undeniable growth of positive reputation online services.

Hackers are lurking in the dark corners of the Internet, the DarkNets and inside networks where they can move easily, impersonate and attack as well as deteriorate the reputation of a company at will.

So how does a company protect it’s online reputation?

• Know what assets you’re trying to protect:
  
  • What intellectual property would be of value to your corporate adversaries?
    
  • Who could you adversaries be?
  
  
  • Where would you find your digital assets if they were to be stolen?
  
  
  • How would you know they had been stolen?
  
  

• Monitor for E-Hacktivism against your brand by using various security services.
  

• Implement best practices within the defense in depth to protect against your online presence and internal networks from being compromised.
  

• Listen to the [email protected] email box as well as the technical contact listing for your domain as other security experts will attempt to use these addresses by default to contact your company before, during or after a compromise.
  

• Ensure your company has an incident handling procedure and test it often with ongoing security audits and penetration testing.
  

• Work with your local country CERT in the event of an incident:
  
  • http://www.first.org/members/teams
    

• Review other best common practices available from government agencies:
  
  • http://www.business.ftc.gov/privacy-and-security/data-security
    
  • https://www.onguardonline.gov/topics/secure-your-computer
  
  
  • https://www.us-cert.gov/ncas/tips
  
  
  • http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/tchncl-dvc-gdnc-eng.aspx
  
  

Remember, you can’t buy reputation, you gotta earn it.

Source