Intelligence in its various forms has long served as the foundation for many organizations’ cybersecurity strategies. And yet, only in recent years has the industry begun to recognize that certain types of intelligence — namely that which is relevant, actionable, and gleaned from high-value sources — can and should be applied to support not just cybersecurity teams, but all business functions across the enterprise.
Indeed, I’m talking about Business Risk Intelligence (BRI). Often considered the more strategic and cross-functional counterpart to its predecessor, cyber threat intelligence (CTI), BRI surpasses CTI’s relatively limited applications to inform decision-making, improve preparation, and mitigate a broad spectrum of cyber and physical risks. As someone who’s faced the limitations of CTI firsthand, I wanted to reflect on my experience with BRI to shed some light on why it’s quickly becoming the new industry standard.
BRI addresses overall risk
Just as its name implies, BRI focuses on addressing business risks — not just threats. To understand the difference, let’s look at a basic formula for risk:
Risk = threat × likelihood × impact
As you can see, threat is one component of risk. While most cybersecurity teams focus largely on detecting cyber threats, such an approach should really be just the beginning. Doing more than that requires assessing the likelihood that any given threat will target an organization and, if it does, what the potential impact could be. Even though countless threats exist, they’re not all relevant to all organizations. Evaluating a threat’s relevance effectively requires visibility into the full context surrounding that threat.
The challenge is that the context surrounding many threats can be difficult to ascertain, given that CTI is by nature largely focused on detecting threats — but not much else.
BRI’s use cases are diverse
While countless threats can and do target all business functions and assets within an organization, many organizations continue to apply CTI solely in ways that serve the functionality of its namesake. That is, they assign all CTI-related operations to cybersecurity teams alone, for use in addressing cyber threats.
BRI, on the other hand, broadens the scope of intelligence beyond cyber threat detection to provide relevant context on a broad spectrum of threats facing all business functions — not just cybersecurity teams. Organizations with effective BRI programs recognize that just because a threat has originated on the Internet does not mean such a threat’s scope of influence will remain restricted to all things cyber. I’ve written previously about how BRI’s widespread versatility enables organizations to not only bolster cybersecurity but also assess M&A opportunities, enhance executive protection, and strengthen physical security, among BRI’s many other uses.
BRI fosters cross-functional information sharing
By addressing so many diverse use cases, BRI also fosters a critical activity that has long been tied to effective security and risk strategies: information sharing. After all, when access to and collaboration around intelligence is restricted to one or few business functions, other business functions cannot benefit from it.
For example, let’s say that the CEO of a Fortune 100 retailer will travel to Asia to attend a high-profile event. In preparation, her executive protection team researches the surrounding area, maps out evacuation routes, and constructs a team of physical security professionals. Meanwhile, an intelligence analyst on the same company’s cybersecurity team leverages a CTI-based approach to identify the culprit of a recent defacement of the company’s website.
What’s great about BRI is that it would have armed both the executive protection team and the intelligence analyst with full visibility into both cyber and physical threats. For instance, with BRI they would’ve more easily made the connection that the hacktivist group responsible for defacing the website was also linked to a plot to shut down the power supply of an upcoming event occurring during the CEO’s trip to Asia.
Given the mounting difficulties today’s organizations continue to face in navigating what has become a truly volatile threat landscape, BRI’s cross-functional, comprehensive approach to intelligence is now a requirement. Whether an organization has an entire department of seasoned intelligence analysts or a smaller team that needs more daily support, BRI can help them make informed decisions, gain a decision advantage over adversaries, and mitigate a broad spectrum of cyber and physical risks.