The 3 Pillars of Digital Risk Management: Part 1: Understanding Cyber Threats
Risk is a well-developed concept within cybersecurity. The National Institute of Standards and Technology (NIST) defines the field of risk management as: “The process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.” Applied to cybersecurity, we can define the field of external digital risk management as:
“The process of identifying, assessing, and taking steps to reduce external digital risk to an acceptable level. External digital risk management considers: 1) cyber threats 2) data leakage and 3) reputation risks.”
In this 3-part blog series, we will discuss how each of these pillars contributes to Digital Risk Management. Let’s begin with Cyber Threat.
The concept of “threat” can refer to a range of things; it may be an action, a threat actor, or a new tool. Here are the four main areas we define:
1. Indications and warnings
Leverage threat intelligence to get advance information regarding an adversary’s planned activities. This can include being named on a hacktivist target list or being discussed on a known criminal forum.
Figure 1: A target list posted as part of OpIcarus’ Phase 4
2. Actor profiles
Profile actors’ tactics, techniques, and procedures (TTPs) in order to better understand how an attacker might target you and what tools they are likely to use. This profile can be used to measure an organization’s defenses against the threats it is likely to face.
Figure 2: A profile of the threat actor “Turk Hack Team”
3. Campaign profiles
Understand the threat actor’s tools, target geographies and target industries. This can include the examination of malcode or the analysis of a new phase in a hacktivist campaign. This allows organizations to be better prepared for developing threats.
4. Emerging tools
Track new tools being developed and shared on the dark web and criminal forums. This can include noting when new CVEs are added to an exploit kit, which can help to prioritize patching procedures.
Figure 3: The release of Blaze Exploit Kit alongside the claimed vulnerabilities it exploits
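The following Python example is added here and is not from the original post or its authors: it extracts the CVE IDs claimed in exploit-kit advertisements and moves matching open scanner findings to the front of the patch queue. The kit name, CVE IDs, hosts and field names are constructed placeholders, and the ordering rule (kit-claimed, then internet-facing, then CVSS) is an assumption.

```python
import re
from collections import defaultdict

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample: text of posts advertising an exploit kit.
# "ExampleKit" and the CVE IDs are placeholders, not real identifiers.
INTEL_POSTS = [
    {"tool": "ExampleKit", "text": "v2 now with cve-0000-0002 and CVE-0000-0003!"},
    {"tool": "ExampleKit", "text": "changelog: added CVE-0000-0002"},
]

# Constructed sample: open findings from a vulnerability scanner export.
FINDINGS = [
    {"host": "web01", "cve": "CVE-0000-0001", "cvss": 9.8, "internet_facing": True},
    {"host": "web01", "cve": "CVE-0000-0002", "cvss": 7.5, "internet_facing": True},
    {"host": "db01", "cve": "CVE-0000-0002", "cvss": 7.5, "internet_facing": False},
    {"host": "hr-laptop", "cve": "CVE-0000-0003", "cvss": 6.1, "internet_facing": False},
    {"host": "db01", "cve": "CVE-0000-0004", "cvss": 8.8, "internet_facing": False},
]

def claimed_cves(posts):
    """Map each normalised CVE ID to the set of tools claiming to exploit it."""
    claims = defaultdict(set)
    for post in posts:
        for match in CVE_RE.findall(post["text"]):
            claims[match.upper()].add(post["tool"])  # forum text is inconsistent in case
    return claims

def patch_queue(posts, findings):
    """Order open CVEs: kit-claimed first, then internet-facing, then by CVSS."""
    claims = claimed_cves(posts)
    by_cve = defaultdict(lambda: {"hosts": [], "cvss": 0.0, "exposed": False})
    for f in findings:
        entry = by_cve[f["cve"].upper()]
        entry["hosts"].append(f["host"])
        entry["cvss"] = max(entry["cvss"], f["cvss"])
        entry["exposed"] = entry["exposed"] or f["internet_facing"]
    rows = [
        {"cve": cve, "tools": sorted(claims.get(cve, ())), **entry}
        for cve, entry in by_cve.items()
    ]
    rows.sort(key=lambda r: (not r["tools"], not r["exposed"], -r["cvss"], r["cve"]))
    return rows

if __name__ == "__main__":
    for row in patch_queue(INTEL_POSTS, FINDINGS):
        print(row["cve"], row["tools"] or "-", row["hosts"], row["cvss"])
```

Because a kit's advertised CVEs are claims rather than confirmed capability, the queue records which tool made the claim so an analyst can revisit the ranking if the claim is later disproved.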
The value of threat intelligence is directly proportional to how tailored it is to an organization. For external digital risk management to be effective, a threat intelligence doctrine should be applied. In applying the intelligence doctrine to the concept of cyber threat, organizations can methodically understand what they care about, create collection plans, identify collection gaps and ultimately deliver tailored intelligence.
To learn more, check out our one-pager below or get our full report here: Digital Risk Management: Identifying and Responding to Risks Beyond the Boundary.