A digital footprint, sometimes called a “digital shadow,” is the unique trail of data that a person or business creates while using the internet.
Nearly every online activity leaves a trace. Some traces are obvious, like a public social media post. Others are subtler, like the cookies websites use to track visitors. Every trace a person or company leaves behind, taken together, forms their digital footprint.
While internet users and organizations both have digital footprints, they differ in meaningful ways. A person's footprint consists of the personal data they directly and indirectly share. It includes online account activity, browsing history and the details that data brokers collect in the background.
An organization's footprint is more complex. It consists of the company's entire online presence, including all its public and private internet-facing assets, content and activity. Official websites, internet-connected devices and confidential databases are all part of a company's footprint. Even employees' actions, like sending emails from company accounts, add to an enterprise's footprint.
This article focuses on organizational footprints. Organizational footprints are growing larger and more distributed, fueled by trends like the cloud boom and remote work. This growth comes with risks. Every app, device and user in a digital footprint is a target for cybercriminals. Hackers can break into company networks by exploiting vulnerabilities, hijacking accounts or tricking users. In response, cybersecurity teams are adopting tools that offer greater visibility into and control over the business's footprint.
Learn how Randori Recon finds external internet facing assets and exposures.
Defining an enterprise digital footprint can be tricky because of the number of people and assets involved. The contours of a business's footprint can change daily as new assets come online and employees use the internet to do routine tasks.
And different business units emphasize different aspects of the footprint. Marketers focus on a company's public online presence and branded content. Security teams focus on the organization’s attack surface—the internet-connected assets that hackers might attack.
To better understand what an enterprise digital footprint can contain, it helps to break it down into an active digital footprint and a passive digital footprint.
A company's active digital footprint consists of all the online activity, assets, and data it directly and intentionally controls. The active footprint contains things like:
The company's public branded content, such as websites, social media accounts, blogs, ads and other media.
Apps and online services created and controlled by the organization, including client portals and customer accounts on these apps and services.
Any internet-facing hardware or software employees use to conduct company business, such as email accounts, cloud apps, company-owned endpoints, and employee-owned devices used on the corporate network (within or outside of the organization’s BYOD policy).
Data the company owns, including intellectual property, financial data and customer records.
A company's passive footprint consists of online activity, assets, and data that are connected to the company but not under its direct control. Passive footprints include things like:
Vendor activity and assets connected to the company network, such as third-party software packages used in company apps or endpoints that service providers use on company systems.
Shadow IT assets, which include all apps and devices used on or connected to the company network without the IT department's approval and oversight.
Orphaned IT assets that remain online even though the company no longer uses them. Examples include old accounts on social media platforms or obsolete software still installed on company laptops.
Online content produced about the company by people outside the company, such as news articles and customer reviews.
Malicious assets created or stolen by threat actors to target the company and harm its brand. Examples include a phishing website that impersonates the organization’s brand to deceive customers, or stolen data leaked on the dark web.
A company’s employees and customers have digital footprints of their own. The data trails they leave behind can form part of the business’s footprint.
Customers contribute to the company's digital footprint by interacting with the organization. This includes posting about the company on social media, writing reviews and sharing data with the business.
Customers can give data to the business directly, such as by filling out online forms to sign up for subscriptions or punching credit card numbers into online shopping portals. Customers can also contribute through indirect data collection, like when an app records a user’s IP address and geolocation data.
Employees contribute to the enterprise digital footprint whenever they use the company's online assets or act on behalf of the company on the internet. Examples include handling business data, surfing the web on a company laptop or acting as a company rep on LinkedIn.
Even employees’ personal footprints can affect the business. Employees can harm the business's brand by taking controversial stances on their personal social media accounts or sharing information they shouldn't share.
The size and contents of a company's digital footprint can affect its cybersecurity posture, online reputation and compliance status.
A company’s digital footprint can make it a target. Stockpiles of personal data catch the attention of hackers, who can make good money by launching ransomware attacks that hold this data hostage and threaten to sell it on the dark web.
Businesses can also draw the ire of hacktivists and nation-state hackers when they use online platforms to take stances on political topics.
The bigger an enterprise footprint is, the more exposed it is to cyberattacks. Every internet-connected device or app on the company network is a possible attack vector. Vendor assets and activity also open the organization to supply chain attacks.
Hackers can use employees’ personal footprints to breach the network. They can use the personal details people share on social media sites to craft highly targeted spear phishing and business email compromise (BEC) scams. Even details that seem benign, like an employee's phone number, can give hackers a foothold. And if employees practice poor password hygiene—using the same password for multiple purposes, not changing passwords regularly, etc.—they make it easier for hackers to steal passwords and gain unauthorized access to the network.
A business’s public content, news coverage and customer reviews all contribute to its online reputation. If most of that content paints a positive picture of the brand, the company has a positive digital footprint. A positive footprint can drive new business, as many potential customers and clients research companies online before buying anything.
On the flip side, a negative footprint can drive business away. Negative footprints can be caused by critical news coverage, upset customers sharing their thoughts on social networking sites and shoddy company websites.
Data breaches can also harm a company’s reputation. Customers trust the business to protect their online privacy when they share sensitive data. If that data is stolen, people may take their business elsewhere.
The personal data a company collects form its customers and its employees are part of its digital footprint. Much of this data may be subject to certain data privacy and industry-specific regulations. For example, any organization doing business with customers in the EU must comply with the General Data Protection Regulation (GDPR); healthcare providers and others who deal with patients' protected health information (PHI) must comply with the Health Insurance Portability and Accountability Act (HIPPA).
Regulatory non-compliance can lead to legal action, fines and lost business. Newsmaking cases of non-compliance typically involve large-scale data breaches or cyberattacks. But an organization risks regulatory non-compliance anywhere on its digital footprint. For example, a hospital staffer posting a patient's photo or gossip about an patient on social media could constitute a HIPAA violation.
While a business can't control every aspect of its digital footprint, it can take steps to stop malicious actors from using that footprint against it.
Some organizations track the public portions of their footprints by setting Google Alerts or other search engine notifications for the company's name. This allows the business to stay on top of news coverage, reviews, and other content that can affect its online reputation.
Attack surface management software can map, monitor, and secure internet-facing assets like endpoints, apps, and databases. Security information and event management (SIEM) solutions can catch abnormal and potentially malicious activity throughout the footprint. Endpoint detection and response (EDR) solutions can protect the assets that hackers may target. Data loss prevention (DLP) tools can stop data breaches in progress.
Virtual private networks (VPNs) can shield employees' and users' online activity from hackers, giving them one less vector into the network.
Security awareness training can teach employees how to protect their digital identities for the benefit of themselves and their employer. Hackers have less information to work with when employees know to avoid oversharing and use strong privacy settings. Training can also focus on spotting phishing scams and using company assets appropriately to avoid exposing the network to malware or other threats.
Quickly improve your organization's cyberresilence. Manage the expansion of your digital footprint, uncover shadow IT, and get on target with correlated, factual findings that are based on adversarial temptation.
The IBM X-Force Threat Intelligence Platform included with IBM Security® QRadar® SIEM uses aggregated X-Force® Exchange data1. You can also integrate data from other threat intelligence feeds to help your organization stay ahead of emerging threats and exposure from the latest vulnerabilities.
IBM Security QRadar SIEM User Behavior Analytics (UBA) establishes a baseline of behavior patterns for your employees, so you can better detect compromised credentials, lateral movement and other threats to your organization
Find actionable insights that help you understand how threat actors are waging attacks, and how to proactively protect your organization.
SIEM (security information and event management) is software that helps organizations recognize and address potential security threats and vulnerabilities before they can disrupt business operations.
Insider threats occur when users with authorized access to a company's assets compromise those assets deliberately or accidentally.
1Allows you to use the X-Force Threat Intelligence data in QRadar correlation rules and AQL
Widespread hybrid cloud adoption and permanent remote workforce support have made it impossible to manage the enterprise attack surface. IBM Security Randori Recon uses a continuous, accurate discovery process to uncover shadow IT. Randori Recon keeps you on target with fewer false positives, and improves your overall resiliency through streamlined workflows and integrations with your existing security ecosystem.