Security Threats: Risk’s Often Neglected Step Child

According to Gartner (“Security and Risk Management Scenario Planning, 2020”), by 2020, 30% of global 2000 companies will have been directly compromised by an independent group of cyber activists or cyber criminals. This prediction is not surprising, considering the fact that leading risk indicators are difficult to identify when the organization’s cyber foes, including their strategy, competences, and actions, are unknown. In turn, many organizations still focus on control gaps and vulnerabilities when performing risk assessments and neglect taking threats into account. This can lead to inaccurate prioritization of remediation actions and inefficient allocation of resources.

One of the hot topics at RSA Conference 2014 was threat management and threat intelligence. Not only were these topics broadly covered in the conference’s workshops and presentations, but a wide range of vendors showcased their latest security threat technology to reflect the dynamic changes in the risk ecosystem. The goal is to help security professionals strengthen their existing security defenses with new visibility and context into real-time attacks.

As we all know, two conditions are required for a security incident to occur: A vulnerability must be present in some form (e.g., a software flaw or insecure programming; insecure configuration of IT infrastructure; insecure business operations; risky behavior by internal staff or other people, conducted maliciously or by mistake) and secondly, a threat must exploit that vulnerability.

Usually, security professionals have no direct control over threats to their organizations. In the past, this led to neglecting threats as a factor in an organization’s risk assessments. The focus, instead, was placed on the known, more visible facts – vulnerabilities and control failures. However, as the volume of vulnerabilities facing organizations has exploded over the past few years, it has become almost impossible to remediate all of them without vetting the impact and likelihood that they will be exploited. The point is, why would you give the highest attention to fixing vulnerabilities that have no threat associated with them and are not even reachable?

Since a threat is the agent that takes advantage of a vulnerability, this relationship must be a key factor in the risk assessment process. It can no longer be treated as risk’s neglected step child. In fact, advanced security operations teams leverage threat intelligence to gather insight into the capabilities, current activities, and plans of potential threat actors (e.g., hackers, organized criminal groups, or state-sponsored attackers) to anticipate current and future threats.

In its simplest form, threat intelligence information is available from government agencies (e.g., the National Terrorism Advisory System of the U.S. Department of Homeland Security, or the United States Computer Emergency Readiness Team). For many organizations, however, there is a need to supplement these services to access more timely, accurate, and vertical-specific intelligence. In this context, industry information sharing forums such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) or Red Sky Alliance, a vetted group of corporate computer incident responders and security professionals woven together in a private social network, come to mind as options.

Lastly, organizations can opt to subscribe to commercial threat intelligence service offerings that provide information about IT security threats, vulnerabilities, incidents, and other security-related issues.

Depending on the quality of the services, organizations can gain insight into the agents, actions, assets, and attributes of threats. This intelligence is derived from both technical sources (e.g., honeypots, files retrieved from malware archives) and human sources (e.g., interaction with law enforcement agencies, counter-attacks on hacker groups, and analysis of network traffic by white-hat hackers).

Gartner predicts that by 2020, 25% of global enterprises will engage the services of a “cyberwar mercenary” organization, including threat intelligence services. However, subscribing to these services is cost-prohibitive for many organizations, as subscriptions run up to hundreds of thousands of dollars annually. In addition, threat intelligence is not yet a mature market and has inherent weaknesses, notably the lack of measurement parameters for the reliability of the information and for the resulting risk assessment.

Furthermore, organizations must recognize that subscribing to threat intelligence services only increases the challenges associated with processing and extracting actionable information from security big data, which in its raw form remains only a means to an end.

Stand-alone threat intelligence services as silo-based tools add to the volume, velocity, and complexity of data feeds that must be analyzed, normalized, and prioritized. As such, they require experts who can comb through mountains of information and correlate threat intelligence, vulnerability data, and other log files, which only delays the time it takes to close security gaps.

Fortunately, new technology – big data risk management – is emerging that helps not only to aggregate different threat intelligence feeds, but more importantly correlates security data with its business criticality or risk to the organization, allowing for increased operational efficiency and faster time-to-remediation.
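The correlation this article argues for, as an added illustration that is not part of the original column: a vulnerability scan export, a threat intelligence feed and an asset inventory (all constructed sample data, already normalized to a shared vulnerability ID) are joined so that each finding is ranked by likelihood of exploitation (known threat activity and reachability) multiplied by business impact (asset criticality), rather than by the bare existence of the flaw.

```python
# Constructed sample inputs (not real findings). In practice these would be
# parsed from scanner, TI-feed and CMDB exports and normalized to one ID scheme.
SCAN_FINDINGS = [
    {"asset": "web-01", "vuln": "VULN-A"},
    {"asset": "web-01", "vuln": "VULN-B"},   # no threat activity known for VULN-B
    {"asset": "db-02", "vuln": "VULN-A"},    # critical asset, but not externally reachable
    {"asset": "lab-09", "vuln": "VULN-C"},
]
# Threat feed: which vulnerabilities currently have exploitation activity.
THREAT_FEED = {"VULN-A": "active", "VULN-C": "observed"}
# Asset inventory: business criticality (1-5) and whether the asset is reachable
# from where the threat actor operates.
ASSETS = {
    "web-01": {"criticality": 3, "reachable": True},
    "db-02": {"criticality": 5, "reachable": False},
    "lab-09": {"criticality": 1, "reachable": True},
}
# Likelihood factors; a vulnerability with no known threat is not zero, just low.
THREAT_WEIGHT = {"active": 1.0, "observed": 0.6, None: 0.1}
REACHABLE_WEIGHT = {True: 1.0, False: 0.3}


def assess(finding):
    """Return likelihood, impact and risk for one (asset, vulnerability) pair."""
    asset = ASSETS[finding["asset"]]
    threat = THREAT_WEIGHT[THREAT_FEED.get(finding["vuln"])]
    likelihood = threat * REACHABLE_WEIGHT[asset["reachable"]]
    impact = asset["criticality"]
    return {
        "asset": finding["asset"],
        "vuln": finding["vuln"],
        "likelihood": round(likelihood, 2),
        "impact": impact,
        "risk": round(likelihood * impact, 2),
    }


def prioritize(findings=SCAN_FINDINGS):
    """Rank findings by risk, highest first, so remediation effort follows threat."""
    return sorted((assess(f) for f in findings), key=lambda r: r["risk"], reverse=True)


if __name__ == "__main__":
    for r in prioritize():
        print(f'{r["asset"]:7} {r["vuln"]:7} likelihood={r["likelihood"]:<4} '
              f'impact={r["impact"]} risk={r["risk"]}')
```

Note that the highest-criticality asset (db-02) does not end up first: the same vulnerability on the lower-value but reachable web-01 outranks it, and the threat-free VULN-B falls to the bottom of the queue.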

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
