Like many other global financial service providers, Standard Bank’s digital journey has increased its online presence across web, mobile and social channels, making it difficult to bring all digital assets under the scope of its security programme. For example, its central security team lacked visibility into legitimate mobile applications published in the primary app stores being copied and distributed through secondary and affiliate app stores, which could be modified to be malicious, leading to brand and customer impact.
To automate the discovery and threat analysis of the full digital presence, Standard Bank selected RiskIQ as its digital threat management partner, using both RiskIQ Digital Footprint and RiskIQ External Threats solutions.
“The intelligence provided by RiskIQ has enabled visibility and collaboration between our central and decentralised teams to continually improve our security posture and protect the bank and our customers from cyber threats,” said Robin Barnwell, Head: PBB IT Security. “RiskIQ has now become the CMDB for our Digital Footprint assets.”
RiskIQ now provides Standard Bank in-depth information about its digital assets and highlights potential risks. The Standard Bank security team uses this information to ensure compliance with corporate standards and central visibility of all digital assets, alerting them to changes such as new redirections appearing on webpage links. The team also uses RiskIQ intelligence to clean up domain and certificate registrations and find and update older untrusted certificates across its web estate.
Meanwhile, to uncover brand-related threats, Standard Bank uses Mobile Threats and Domain Infringement, both part of RiskIQ’s External Threats solution. Using the intelligence provided by Mobile Threats, the security team can track where apps are published and request the removal of apps that end up in unauthorised stores, as well as identify and track mobile apps not owned by them that leverage its brands. The Standard Bank team also uses the Domain Infringement module to identify newly-registered domains that infringe on its brand. In conjunction with the marketing team, the Standard Bank security team has recently started monitoring the social media accounts -- including corporate accounts, brand accounts, and the social profiles -- of key executives, which can be used in phishing and credential-harvesting campaigns and can affect user trust and brand perception.
Given its success with RiskIQ solutions, Standard Bank has gained visibility into its digital presence across web, mobile and social channels and can work with the business to proactively address areas of weakness.