The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

Michael Marriott | 13 April 2017

Risk is a well-developed concept within cybersecurity. The National Institute of Standards and Technology (NIST) defines the field of risk management as: “The process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.” Applied to cyber security, we can define the field of external digital risk management as:

“The process of identifying, assessing, and taking steps to reduce external digital risk to an acceptable level. External digital risk management considers: 1) cyber threats 2) data leakage and 3) reputation risks.”

In this 3-part blog series, we will discuss how each of these pillars contributes to Digital Risk Management. Let’s begin with Cyber Threat.

The concept of “threat” can refer to a range of things: it may be an action, a threat actor, or a new tool. Here are the four main areas we define:

1. Indications and warnings

Leverage threat intelligence to get advance information regarding an adversary’s planned activities. This can include being named on a hacktivist target list or being discussed on a known criminal forum.


Figure 1: A target list posted as part of OpIcarus’ Phase 4

 

2. Actor profiles

Profile actors’ tactics, techniques, and procedures (TTPs) in order to better understand how an attacker might target you and what tools they are likely to use. This can be used to compare an organization’s defenses against the threats it is likely to face.

 


Figure 2: A profile of the threat actor “Turk Hack Team”

 

3. Campaign profiles

Understand the threat actor’s tools, target geographies and target industries. This can include the examination of malcode or the analysis of a new phase in a hacktivist campaign. This allows organizations to be better prepared for developing threats.

 

4. Emerging tools

Track new tools being developed and shared on the dark web and criminal forums. This can include new CVEs being added to an exploit kit, which can help to prioritize patching procedures.


Figure 3: The release of Blaze Exploit Kit alongside the claimed vulnerabilities it exploits

 

The value of threat intelligence is directly proportional to how tailored it is to an organization. For external digital risk management to be effective, a threat intelligence doctrine should be applied. In applying the intelligence doctrine to the concept of cyber threat, organizations can methodically understand what they care about, create collection plans, identify collection gaps and ultimately deliver tailored intelligence.

To learn more, check out our 1 pager below or get our full report here: Digital Risk Management: Identifying and Responding to Risks Beyond the Boundary

 

Understanding Cyber Threats: 4 Key Areas from Digital Shadows