By Frank Duff, Tidal Cyber and Matt Polak, Vanish ID
Last year we started writing about how threat actors are using AI to lower the barriers to entry. Since then, we’ve seen an uptick in this trend, especially when it comes to writing much more convincing phishing emails or creating “fixes” for fake technical issues. For example:
By keeping our Knowledge Base up to date on evolving TTPs enriched with additional Cyber Threat Intelligence (CTI), Tidal Cyber Enterprise users can explore trending techniques and related activity and identify threats that matter to the organization. They can add these to their Threat Profile, determine their coverage based on existing defenses, and get data-driven recommendations for risk reduction if there are coverage gaps.
Here’s where organizations like VanishID come into play and why they are in our Tidal Cyber Registry.
Left of access was once outside the scope of enterprise security because adversary reconnaissance and resource development to determine who to attack and how, were considered largely impossible to defend. However, this is not true anymore because organizations like VanishID are providing online protection to address these types of threats. Pre-attack defenses make it possible for organizations to minimize their exposure while also keeping their employees safer.
VanishID is the first agentic AI-powered digital privacy service purpose-built for the Enterprise, providing a turnkey managed service for reducing exposed PII continuously and at scale. The zero-touch service, which requires no effort by clients and delivers instant value, continuously discovers, analyzes, and takes down exposed personally identifiable information that fuels social engineering attacks, harassment, and even physical threats. By reducing exploitable digital footprints, VanishID deprives threat actors of the main ingredients they need to identify valuable and accessible human targets and plan their attacks.
By tackling the threat left of initial access and focusing on employee exposure to social engineering, coercion, and harassment, enterprises can take a proactive and human-centric stance that reduces the attack surface, minimizes noise at the SOC, and produces human risk intelligence that focuses detection and response programs around the most exposed users.
The magnitude of the problem of exposed PII and compromised credentials was revealed recently when VanishID published a report detailing the exposure of over 10,000 US-based C-Suite executives. VanishID discovered that, on average, executives have 329 pieces of exposed PII across 11 data brokers, appear in 43 data breaches, and have 4.3 unique credentials that could be used in credential stuffing attacks. VanishID’s agentic AI-powered remediation capabilities reduce this exposure continuously and at scale across customer organizations, reducing the number of spear phishing attempts, impersonation, and other avenues of attack.
Tidal Cyber is committed to keeping users up to date on the latest trends and threats and while techniques like email phishing and fake persona use are not new, AI is making them more accessible to threat actors and more sophisticated. When adversaries are able to exploit points of entry with greater ease and more effectively, they pose an increasing threat to more organizations.
Pre-attack defenses like VanishID should be part of the purview of enterprise security because they continuously find and reduce exposed personal information to make these attacks less effective. By mapping your Defensive Stack to your Threat Profile, you can gain immediate visibility into your level of coverage and residual risk from trending left of access techniques. You have the data you need to make a quantifiable case to add pre-attack security to your Defensive Stack.