Threat intelligence provides data to security professionals to help them with prompt decisions on cyber defense strategy.
The first step to creating a threat score is to analyze the effect of cyber threats over business risks to determine the most effective cyber threat intelligence management plan.
◉ What threats are impacting your specific business region?
◉ Are your supply chain partners secure?
◉ To what extent are the supply chain partners granted access to your networks?
◉ What type of malicious activity does your first-line security team observe on the network?
◉ Did your security team record malicious activity on the adjacent networks too?
From Threat Score to Risk Assessment
The cyberthreat intelligence process provides threat severity scores and these scores assess the impact of each threat. Even though these threat scores convey insufficient information about each threat’s probability, they can be compared with each other to begin to get a clear picture of the threat landscape. We need the probability and severity information of potential threats to assess the risks to the organization. The threat score helps you tune your security to challenge or block the attacks based on their severity.
Threat intelligence feeds report potential network threats, including those already within an organization’s firewalls, and their probability of causing harm. However, solely relying on threat feeds to assess threat possibilities is not enough because there is so much to know about threats that can’t be adequately summarized by threat feeds.
6 Factors influencing the risk of cyber threats
The various factors that influence the probability and risk of encountering various threats are as follows –
1. Cyber supply chain
It’s not enough to just security an organization’s network assets. According to Symantec, supply chain attacks were up by 78% in 2019, making third-parties with access to your organization’s networks a major area of concern. Any access given to partners, consultants, or other contractors should be scrutinized heavily and managed thoughtfully. Another way criminals can use your relationships with third parties against you is by taking advantage of their potentially weaker security systems and accessing any of your data they have on their networks that way. Organizations should required supply chain partners follow security practices as stricts as their own before sharing data or network access.
2. Industry
Threats can be industry-specific or impact each industry differently. For example, IoT threats in healthcare are more dangerous than in other industries, point-of-sale malware can cripple retail businesses in ways not seen in other sectors, and threats to the industrial control systems in the infrastructure sector could cause nation-wide outages and mass chaos.
3. Vulnerabilities
Some threats exploit vulnerabilities in segments of the application services, firmware, open ports, etc. of specialized devices. Information gathered from regular vulnerability scans enables the prioritization of threats in accordance with the organization’s network inventory. Of course, any actionable information regarding vulnerabilities requires attention.
4. Network connectivity
Threats can multiply rapidly in the local network framework either by activity patterns or design. Upon activation of these rapidly multiplying threats in autonomous blocks, the risk of the threat spreading across network assets increases significantly. Therefore, being aware of threats in and around the network is essential to protecting them. It is equally important to assess the risks accurately in the ever-evolving topology of the internet.
Understanding the organization’s network segmentation is important too. The location of malicious activity on the network defines the prioritization of response activity. Similarly, it’s important to verify whether the newly discovered malware instance has access to the server or to any crucial databases.
5. Interaction effects
Threats cannot be treated in isolation. They are largely influenced by other factors like network connectivity, vulnerabilities, and location on the network. Interaction can be the most difficult part of implementing an organization’s cyber risk assessment. At the same time, understanding how threats on different segments of the network can affect the network as a whole is an essential part of any security program.
6. Value
While performing cyber risk assessments, it is important to consider the different values of the assets you are protecting. The value an adversary places on a piece of information could be different from how the organization sees the asset. The internal value assessment, or how the organization sees the asset, influences the impact of a data attack and calls for cybersecurity action. The external value assessment, or how a criminal sees the asset, affects the probability of a targeted cyberattack.
Organizations need automated risk assessment capabilities that perform in tandem with threat severity scores. Information from threat intelligence enables cybersecurity professionals to understand and follow the dynamic threat landscape. However, the integration of contextual data is crucial for cybersecurity management to assess the probability associated with each threat as it pertains to their specific organization.
Source: eccouncil.org