SecurityWeek

Security Threats: Risk's Often Neglected Stepchild


According to Gartner ("Security and Risk Management Scenario Planning, 2020"), by 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyber activists or cyber criminals. This prediction is not surprising, considering that leading risk indicators are difficult to identify when the organization's cyber foes, including their strategy, competencies, and actions, are unknown. Yet many organizations still focus on control gaps and vulnerabilities when performing risk assessments and neglect to take threats into account. This leads to inaccurate prioritization of remediation actions and inefficient allocation of resources.

One of the hot topics at RSA Conference 2014 was threat management and threat intelligence. Not only were these topics broadly covered in the conference's workshops and presentations, but a wide range of vendors showcased their latest threat technology to reflect the dynamic changes in the risk ecosystem. The goal is to help security professionals strengthen their existing defenses with new visibility and context into real-time attacks.

As we all know, two conditions are required for a security incident to occur. First, a vulnerability must be present in some form (e.g., a software flaw or insecure programming; insecure configuration of IT infrastructure; insecure business operations; risky behavior by internal staff or other people, whether malicious or by mistake). Second, a threat must actually exploit that vulnerability.

Usually, security professionals have no direct control over threats to their organizations. In the past, this led to neglecting threats as a factor in an organization's risk assessments. The focus, instead, was placed on the known, more visible facts: vulnerabilities and control failures. However, as the volume of vulnerabilities facing organizations has exploded over the past few years, it has become almost impossible to remediate all of them without vetting the likelihood that they will be exploited and the impact if they are. The point is, why would you give the highest attention to fixing vulnerabilities that have no threat associated with them and are not even reachable by an attacker?

Since a threat is the agent that takes advantage of a vulnerability, this relationship must be a key factor in the risk assessment process. It can no longer be treated as risk's neglected stepchild. In fact, advanced security operations teams leverage threat intelligence to gather insight into the capabilities, current activities, and plans of potential threat actors (e.g., hackers, organized criminal groups, or state-sponsored attackers) to anticipate current and future threats.

In its simplest form, threat intelligence is available from government agencies (e.g., the U.S. Department of Homeland Security's National Terrorism Advisory System, or the United States Computer Emergency Readiness Team, US-CERT). For many organizations, however, there is a need to supplement these services with more timely, accurate, and vertical-specific intelligence. In this context, industry information sharing forums such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), or Red Sky Alliance, a vetted group of corporate incident responders and security professionals woven together in a private social network, come to mind as options.

Lastly, organizations can opt to subscribe to commercial threat intelligence service offerings that provide information about IT security threats, vulnerabilities, incidents, and other security-related issues.

Depending on the quality of the service, organizations can gain insight into the agents, actions, assets, and attributes of threats. This intelligence is derived from both technical sources (e.g., honeypots, files retrieved from malware archives) and human sources (e.g., interaction with law enforcement agencies, counter-attacks on hacker groups, and analysis of network traffic by white-hat hackers).

Gartner predicts that by 2020, 25% of global enterprises will engage the services of a "cyberwar mercenary" organization, including threat intelligence services. However, subscribing to these services is cost-prohibitive for many organizations, as subscriptions run up to hundreds of thousands of dollars annually. In addition, threat intelligence is not yet a mature market, and it has inherent weaknesses such as the lack of measurement parameters for the reliability of the information and for the quality of the resulting risk assessment.


Furthermore, organizations must recognize that subscribing to threat intelligence services only adds to the challenge of processing security big data and extracting actionable information from it; in its raw form, a feed remains only a means to an end.

Stand-alone threat intelligence services, used as silo-based tools, add to the volume, velocity, and complexity of the data feeds that must be analyzed, normalized, and prioritized. As such, they require experts who can comb through mountains of information and correlate threat intelligence, vulnerability data, and other log files by hand, which only lengthens the time it takes to close security gaps.

Fortunately, new technology, big data risk management, is emerging that not only aggregates different threat intelligence feeds but, more importantly, correlates security data with its business criticality, or risk, to the organization, allowing for increased operational efficiency and faster time-to-remediation.
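To make the prioritization argument concrete (a vulnerability with no associated threat and no reachable path should rank below a lower-scoring one that is being actively exploited on an exposed, business-critical asset), here is an added example of the correlation step described above. It is illustrative code written for this page, not a product or a method from the article. The scanner findings, the asset inventory, the threat feed, the vulnerability identifiers (VLN-...) and the weighting factors are all constructed assumptions; a real deployment would normalize its own feeds into the same three tables and tune the weights to its own risk appetite.

```python
"""
Added example: rank remediation work by correlating three inputs
  1. vulnerability scan findings (asset, vuln id, CVSS base score)
  2. an asset inventory carrying business criticality and network exposure
  3. a normalized threat-intelligence feed (is the vuln being exploited?)
Risk is modelled as  CVSS x threat weight x exposure weight x criticality,
which is an assumed scoring scheme, not one the article prescribes.
All data below is constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int   # 1 = low, 2 = medium, 3 = critical (business impact)
    exposure: str      # "internet", "internal" or "isolated" (reachability)


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    cvss: float        # scanner-reported base score, 0.0 - 10.0


# Constructed asset inventory (hypothetical hosts).
ASSETS: Dict[str, Asset] = {
    "web-01": Asset("web-01", criticality=2, exposure="internet"),
    "dev-vm": Asset("dev-vm", criticality=1, exposure="isolated"),
    "erp-db": Asset("erp-db", criticality=3, exposure="internal"),
}

# Constructed scanner output; VLN-xxxx ids are placeholders, not real CVEs.
FINDINGS: List[Finding] = [
    Finding("web-01", "VLN-0001", 9.8),
    Finding("web-01", "VLN-0002", 7.5),
    Finding("dev-vm", "VLN-0003", 9.8),
    Finding("erp-db", "VLN-0004", 6.5),
    Finding("erp-db", "VLN-0005", 9.0),
]

# Constructed, already-normalized threat feed: vuln id -> observed status.
# Anything absent from the feed is treated as "none" (no known threat).
THREAT_FEED: Dict[str, str] = {
    "VLN-0002": "active",   # in-the-wild exploitation reported
    "VLN-0003": "active",
    "VLN-0004": "poc",      # public proof of concept, no campaigns seen
}

# Assumed weights: a reachable, actively exploited flaw counts in full;
# an unreachable asset zeroes the risk regardless of CVSS.
THREAT_WEIGHT = {"active": 1.0, "poc": 0.6, "none": 0.2}
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5, "isolated": 0.0}


def risk_score(finding: Finding, assets: Dict[str, Asset],
               feed: Dict[str, str]) -> float:
    """Combine technical severity with threat, reachability and impact."""
    asset = assets[finding.asset]
    threat = THREAT_WEIGHT[feed.get(finding.vuln_id, "none")]
    exposure = EXPOSURE_WEIGHT[asset.exposure]
    impact = asset.criticality / 3.0          # normalize criticality to 0..1
    return round(finding.cvss * threat * exposure * impact, 2)


def prioritize(findings: List[Finding], assets: Dict[str, Asset],
               feed: Dict[str, str]) -> List[Tuple[str, str, float, float]]:
    """Return (asset, vuln_id, cvss, risk) tuples, highest risk first;
    ties fall back to raw CVSS so the ordering is deterministic."""
    scored = [(risk_score(f, assets, feed), f) for f in findings]
    scored.sort(key=lambda pair: (-pair[0], -pair[1].cvss))
    return [(f.asset, f.vuln_id, f.cvss, risk) for risk, f in scored]


if __name__ == "__main__":
    print(f"{'asset':8} {'vuln':10} {'cvss':>5} {'risk':>5}")
    for asset, vuln_id, cvss, risk in prioritize(FINDINGS, ASSETS, THREAT_FEED):
        print(f"{asset:8} {vuln_id:10} {cvss:5} {risk:5}")
```

Run as-is, the two 9.8 findings that would top a CVSS-only list fall to third and last place: VLN-0001 has no known threat, and VLN-0003 sits on an isolated host nobody can reach, while VLN-0002 (CVSS 7.5, actively exploited on the internet-facing web server) comes out on top. The weights are the part a practitioner should argue about; the structure (severity, threat, reachability and business impact as separate inputs) is the point.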


Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
