
Build Versus Buy: Threat Intelligence and Digital Risk


An increasing reliance on online digital technologies, driven in no small part by the many operational benefits they deliver, has prompted organizations to consider investing in capabilities that protect against the digital risks that can often characterize their adoption. Unfortunately, when it comes to digital risk there is no universal remedy for establishing maturity. Many organizations look outward to vendor solutions to detect risks across the open, deep, and dark web; correlate external and internal information; and create workflows for automating responses. Others take the opposite approach, building in-house capabilities instead. To help inform the right balance between building and buying, consider these engineering and operational factors, with a view to making adequate use of existing processes and resources.

Retaining Expertise and Talent 

Determine who in the organization will monitor and manage digital risks, receive alerts, and take action when issues are discovered. Capability development, maintenance, and operation are critical. When something breaks, who fixes it, and what or who allocates the necessary resources? Infrastructures require regular monitoring to confirm that what worked yesterday still works today. The internet is constantly changing, as are the sites on it; changes to APIs and interfaces must be taken into account.

Likewise, with more positions vacant than talent available to fill them, cybersecurity workers are often spoiled for choice. This can create retention challenges and the potential for loss of institutional knowledge and security gaps when employees leave for other opportunities. Ensuring your workforce remains engaged and enthusiastic is one way to keep qualified candidates satisfied and on the job.  When employees do leave, having a plan or program in place to transfer processes, policies and practices to someone else is necessary to safeguard business, and cybersecurity, continuity. Strategies may include workforce assessments to identify and document critical knowledge held by existing employees, or specialized training and job sharing to help keep accumulated knowledge within the organization. 

Ensuring Relevance and Avoiding False Positives 

Quite a few of the tools available today do a good job of covering content, but may also include numerous false positives. Different content types generate different signal-to-noise ratios. Working out how to deal with the false positives in an efficient manner to get to the valuable results is an important consideration. Investigating false positives steals valuable manpower and time away from addressing legitimate security alerts, reducing an organization's overall security effectiveness. And the potential for false positives only rises with each additional security tool.

Before installing security tools, make sure to understand what they’re meant to solve and how they function. Don’t rely on default settings; security tools should be configured and tuned continually to evolve with the environment they’re deployed in. From there, policies and procedures around reviewing, validating and categorizing incidents can help quickly identify and reduce the occurrence of false positives.

Coverage and Compliance


The internet moves swiftly and the frequency with which a tool is run or a query performed can have an impact on the time to detect a risk. Any service needs to consider what a baseline for coverage is. A risk-based approach focused on an organization’s threat landscape, infrastructures and operating environment will help prioritize security strategies likely to have the most impact. Outcome-focused security baselines (e.g. protecting against cyber threats or detecting and responding to incidents) are extremely effective, especially when facilitated by engagement of various stakeholders across business enterprise functions and sectors.

The reality is that the Web and the various services available on it are immense. Covering main services is an obvious security concern, but sometimes risks come from left field, from a source or service that was previously not monitored. Even relatively popular sources, such as Twitter, present interesting engineering challenges. Working out acceptable coverage is an important step toward quantifying risk.

It’s also important to make sure that activities conform with national and international rules concerning copyright, privacy, and computer misuse legislation, in addition to complying with the various terms and conditions of the sources of data. These include the Electronic Communications Privacy Act (ECPA); Cyber Intelligence Sharing and Protection Act (CISPA); Computer Fraud and Abuse Act (CFAA); Trans-Pacific Partnership Agreement (TPP); and General Data Protection Regulation (GDPR), among others.

These considerations are just the beginning toward defining an internal maturity model for digital risk. While this topic is relatively new, factors like reporting, quantification, business requirements, and process documentation can help in the management of digital risk. While no framework is perfect, the optimal level of maturity will look to continually identify gaps, update processes and tooling, and reflect organizational changes.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
