In the world of cybersecurity, understanding your risk parameters in real-time is paramount. PiiQ provides this capability through their dynamic risk assessments, giving executives the insight and strategy to protect their organizations against the ever-increasing risk of Business Email Compromise. Especially during these pandemic times and workforces almost entirely remote, without preemptive planning, “Identity is the new Perimeter.”
PiiQ (Pii-Q) gathers its namesake based on Personally Identifiable Information Quotients, due to its ‘pill form scoring of risk,’ across 21+ proprietary threat markers. These 21+ markers fall into 4 specific categories; relationships, attributes, content, and technical. These markers identify the potential and propensity for weakened attack surfaces. Strengthening these attack surfaces will allow organizations to mitigate the potential for threat actors to infiltrate their data, directly through the individuals through social engineering and spearfishing.
“A chain is only as strong as its weakest link” – Thomas Reid
PiiQ solution CXO Risk primarily focuses on this potential exposure around companies’ most valued assets, its people. Not only does it protect the organizational data from breach – it protects the individual employee and leadership from being the “weakest link.” As such, it provides services and solutions to Enterprise Security Teams, MSPs/ MSSPs, and VIPs or executives directly, focusing on mitigating cyber-security exposure and threats due to their workforce and partners.
It’s simple – As a business owner or leader concerned about your organization’s cyber-security, do you or your employees have Social Media Site (SMS) accounts; be it Facebook, Linked In, Twitter, Instagram, Youtube, Tik Tok or any of the countless others? Do you share email addresses and passwords across platforms? Is a work email in use for such platforms? If you think the answer is yes to any of the above – and it is almost a certainty that the answer is in fact, yes –this article is for you. In fact, this article really is for anyone with information online, because the threat of exposure to Personally Identifiable Information (PII) affects business and individuals alike.
What is Social Engineering and Spear-Phishing?
As awareness of internet scams, cyber-security and technology has improved, so too have the means in which scammers and bad actors penetrate personal and professional networks. The absurdly identifiable email phishing scams (e.g. “Your far distant relative in Country X has left you $6M inheritance in Christian love – click here for details”) are a dying breed. Today’s hacker and scammer breach people and organizations’ cyber-security countermeasures, potentially wreaking havoc, with sophisticated attacks to un-knowing individuals through methods known as social engineering and cyber spear-phishing. In fact, 90% of all attacks involve some type of phishing or social engineering. (IBM) Second, to that, self-reported metrics conclude that over 49% of cybersecurity breaches are from phishing attempts, according to The Ponemon Institute.
When you have spent over thirty years working at the forefront of cyber-security, servicing both the US government intelligence as well as top tier defense contractors, you tend to learn a thing or two and stay on the cutting edge of new technology. PiiQ’s Co-Founder, and Chief Technology Officer Aaron Barr, brings this level of experience and insight to a company on the cusp of changing the face of Cyber Security Risk Assessments.
In conversation with Mr. Barr, he clearly and succinctly identifies the root of the concern around PII awareness (or lack-there-of), “The human layer to cybersecurity is the new battle space and until employees are trained and equipped properly the costs of breaches will continue to rise. As the old saying goes, an ounce of prevention is worth a pound of cure.” PiQ CXO Risk represents that “an ounce of prevention” newly available to increase cyber-security for not only companies, but their employees PII as well.
Social engineering is manipulating end-users, into divulging information that can then be used to either infiltrate networks and spread on to other victims (personally/ professional) or take advantage of the victim outright. Cyber spear-phishing is typically defined as an email or electronic communications scam targeted towards a specific individual, organization or business. Victims are targeted often from publicly available, open-source data found on SMS where attention to privacy has been neglected. They provide bad actors the means to exploit victims in a variety of ways (i.e. malware, ransomware, create false accounts, etc.
How PiiQ Services Help Identify and Reduce PII Exposure-Threats
Individuals can reduce SMS exposure by fully understanding websites and platform settings, as well as avoid posting personal details that could be easily scraped by hackers and then used against them. Do you often “check-in” to locations, what personal details are unknowingly revealed in publicly viewable pictures, or through your friends? Are you aware of the details the public can gleam from SMS based on your privacy settings? These are just some of the in-roads hackers use to aggregate data and develop scam profiles to spear-phish. And make no mistake about it, the threat and ramifications of spear-phishing are very real. Twitter, as recently as this July of 2020, became painfully aware of this having fallen victim to spear-phishing attacks(Reuters) resulting in online ransoming. PiiQ runs a detailed analysis of employees publicly identifiable data and identify where PII exposure exists with its leading-edge product CXO Risk. Listed below are some of its capabilities:
- Provides automated analysis and scoring of risks to organizations’ cybersecurity horizon, identifying executive exposure through PII found on various social media sites.
- Scrapes individuals’ publicly available information – the same as hackers do. It differs from similar products as it is the only solution to successfully aggregate publicly available, profile-data across all five primary social media sites.
- CXO Risk, however, does not just provide scorecards, it details the precise PII trouble-spot as well as recommended steps to remove the threat on the appropriate SMS.
Headquartered in Cambridge, MA PiiQ is a privately funded, post-seed, pre-series A, data Science and cybersecurity analytics company. This start-up is positioned as a leader in social media risk analytics, offering not just SaaS solutions, but also SaaS-based social media intelligence and risk platforms, as well as business intelligence and consulting services. The PiiQ team is composed of recognized, industry-experts in open source intelligence (OSINT), social engineering, open-source risk analysis and mitigation, open source vulnerability assessments, penetration tests, social media, business and competitor intelligence gathering, and due diligence. The undeniable strength of the PiiQ team is only outweighed by the undeniable need for their products and solutions.
What’s in the pipeline – Risk HQ offers enterprise Open-source analytic dashboard
PiiQ is further extending their product offering in September 2020 with a robust OSINT Enterprise dashboard offering. This solution will visualize open source vulnerability assessments and penetration of enterprises at large. The analysis will review potentially compromised credentials, domain-related and content-related threats of organization, as well as Openweb, Darkweb exposed information. This platform drills-down OSINT intelligence to types of information captured with direct links to publications and platforms this information resides. Recommendations detailing how to rectify these issues are also provided.
Essentially the HQ Risk offering, with its focus geared to potential corporate exposure will complement CXO Risk with its focus geared primarily on not just C-Level, but potentially all people within its organization. Together, PiiQ offerings promise to provide easy to use, innovative, yet essential components to companies’ comprehensive cyber-security policies.