Flashpoint Launches Intelligence Academy

New Intelligence Academy Aims to Help Organizations Reduce Risk by Better Understanding Threats and Prioritizing Response

Business Risk Intelligence (BRI) is a term that is easy to understand in concept, but difficult to action in practice. The problem is that business structures are all too often silos of individual responsibilities. Cyber security risk is a good example. Different cyber security control functions are often silos with little inter-control functionality. But cyber security itself is also a siloed department within the business -- again with little inter-departmental functionality.

Risk, however, is not siloed -- risk affects the whole business and honors no siloed structure. Risk management needs to be treated holistically, analyzing business risk rather than just cyber risk -- because, says Flashpoint's BRI principal advisor, Brian Mohr, in a blog post, BRI includes not just cyber and insider risk, but also "global risk, fraud, anti-money laundering, executive protection, and physical security, to name a few." These risks are inter-related; and business needs to adopt an integrated approach to BRI.

The solution to risk is threat intelligence -- but most cyber threat intelligence sources are disjointed. For example, in a 2016 analysis of 88 IP-based blacklists and 35 domain name blacklists, Carnegie Mellon found that the majority of threat-indicated sources appeared on only one of the lists. For maximum threat intelligence, risk managers would need to subscribe to all the lists -- and risk being overwhelmed by noise within the intelligence. And they would still be limiting their intelligence to the cyber realm alone.

But for true business risk intelligence, many more factors need to be included -- such as geopolitical flashpoints, potential exchange rate fluctuations, staff travel arrangements and more. For example, "Few threats expose the true interdependency of cyber and physical security more than those targeting the oil and natural gas (ONG) sector," wrote Flashpoint CEO Josh Lefkowitz in a blog earlier this month. "After all, oil and natural gas together account for 53 percent of the world’s energy consumption and remain integral determinants of both global trade and the economy."

In its January 2017 Business Risk Intelligence Decision Report, Flashpoint expanded on this principle. "Traditional cyber threat intelligence, which has been largely focused on indicators of compromise, is insufficient in supporting the risk decision-making process, as it too often limits its focus on events in cyberspace," it warned. "Not all actors constrain their operations solely to the cyber realm; top tier nation-states like the U.S. and Russia use the full-spectrum of their capabilities to achieve their objectives. A threat assessment of Chinese or Russian cyber operations without the context of the national objectives they are supporting fails to provide risk decision-makers with an accurate portrayal of the threat landscape upon which to make business decisions."

To help corporations take the required holistic view of business risk, Flashpoint offers its own BRI service. It gathers the intelligence and performs the analysis of that intelligence for its customers. It combines the different threat indicators into a holistic risk analysis, delivering integrated business risk intelligence.

But one basic problem remains -- not all companies know how to use the intelligence they receive. "Having spent my career in the government and the intelligence community, as well as at a Fortune 10 company," writes Mohr, "I understand without hesitation that the fundamental purpose of intelligence is to support decision-making. However, I also understand the struggles of implementing the intelligence lifecycle into practical business use."

Lefkowitz and his team at the New York, NY-based threat intelligence and research company have many years' experience of working both within national intelligence agencies and major international corporations. For example, Mohr spent 15 years as a Counterintelligence/Human Intelligence Specialist for the U.S. Marine Corps, conducting both human intelligence activities in support of U.S. combat units in the Middle East and technical counterintelligence investigations across the Asia-Pacific theater. He then spent two years with the cyber threat intelligence team at American Express.

It is this combination of pure intelligence analysis and business understanding that Flashpoint now wishes to disseminate. It has today launched the Flashpoint Intelligence Academy (FIA). Its purpose is to help organizations understand how to structure an action program that embraces the full combined intelligence of BRI.

"We created FIA as a means to transfer what we’ve learned from our own experiences in building intelligence programs to our customers in a meaningful way," explains Mohr. "I came to Flashpoint because I realized that the company was helping its customers, not from the standpoint of just blocking IOCs, but actually supporting customers to reduce their overall risk. And I know FIA is the program to continue to support that goal."

The FIA offers foundational (one-day sessions); intermediate (two or three-day sessions); and advanced workshops. These workshops are available to any organization involved in actioning BRI, and not just Flashpoint customers. "Using the BRI principles taught in these workshops," says the on-site blurb, "organizations can better understand the threats they may face, prioritize their responses, make more informed decisions, and become a source for developing and driving risk intelligence application across the business."

Flashpoint raised $28 million in Series C funding in July 2017, after raising $10 million in July 2016. 

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.