BlackKite Knowledge Center: Cyber Risk Intelligence

Make Better Decisions With Cyber Risk Intel.

What Is Cyber Risk Intelligence?

Cyber risk intelligence is the information an organization uses to gauge its exposure to attacks, leaks, and breaches in the digital space. Unlike a raw data feed, it is tailored to the organization: it takes into account your goals, your environment, and your risk appetite.

Collecting cyber risk intelligence is an essential part of a security program with robust cyber resilience; it requires security teams to stay current on the risk developments and events that are relevant to them.

The cycle of collecting and implementing cyber risk intelligence includes:

  • Information gathering. This encompasses the entire process of searching for and collecting information on the latest developments in the threat landscape. It is the bedrock of all intelligence programs.
  • Contextualized data analysis. Organizations then transform data into contextualized insights that provide a foundation for better business decisions.
  • Risk plan development. By this stage, security teams should have insights that tell them where they are most exposed and why. Those insights then inform the strategic security response.

Cyber risk intelligence is often confused with cyber threat intelligence. The two are related, but they differ in a few key ways; in short, threat intelligence identifies what is happening in the landscape, while risk intelligence determines what it means for your business. The comparison is developed under Cyber Threat Intelligence below.

How Cyber Risk Intelligence Works

Information Gathering

Cyber risk intelligence draws on a very large number of data points to deliver the insights an organization needs to stay prepared for likely attacks. Most cyber risk intelligence programs rely on open-source intelligence (OSINT) for that collection. OSINT is data gathered from publicly available sources and used in an intelligence context.

In the most effective cyber risk intelligence programs, providers continuously monitor social media, websites, and internet-facing networks for new attacks, leaks, breaches, and vulnerabilities, so their picture of the threat landscape stays current.

OSINT can come from security companies, or from the threat actors themselves: leak sites, extortion posts, and criminal forums are first-hand accounts of who has been hit and how. That first-hand data can be the most useful of all, but it is also the easiest to poison, since attackers exaggerate or fabricate claims to pressure victims, so it should be corroborated against an independent source before anyone acts on it.

Contextualized Data Analysis

Once information gathering is complete, cyber risk intelligence programs transform the data into contextualized insights that provide a foundation for better business decisions. To do so, any cyber risk intelligence program worth its salt measures the data it has collected against concerns specific to the organization.

For instance, a risk intelligence program for a healthcare organization might deprioritize reports of a recent string of attacks exploiting a vulnerability in a product it does not run, while prioritizing recent attacks on similar healthcare companies. This measurement process accounts for the reality that not every event in the threat landscape is equally important, or even relevant, to every organization.

Typically, cyber risk intelligence incorporates a 360-degree view of risk by applying:

  • Compliance frameworks and regulations, like NIST SP 800-53, ISO/IEC 27001, and GDPR.
  • Financial risk-quantification frameworks, like Open FAIR™.
  • Insights on specific, active threats, such as ransomware campaigns or exploitation of critical vulnerabilities (tracked as CVEs).
  • Insights on an organization's essential business processes and the threats that affect them, such as critical vendors or vendors with cascading risk.

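The contextualization step above, as an added example that is not BlackKite's code: a raw feed of reports is scored against one organization's profile (deployed products, critical vendors, sector), items that touch none of those are dropped rather than merely downranked, and active exploitation only adds weight once relevance is established. The feed items, the organization profile, and the weights are constructed for illustration and are assumptions, not data from the page.

```python
"""
Contextualize a threat feed against one organization's own profile.

Added example: not BlackKite's code. The feed, the organization profile
and the weights are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FeedItem:
    item_id: str
    summary: str
    affected_products: frozenset   # products the reported activity exploits
    sectors_targeted: frozenset    # sectors it has been observed against
    vendors_involved: frozenset    # third parties named in the report
    exploited_in_wild: bool
    sources: frozenset             # independent sources reporting it


@dataclass(frozen=True)
class OrgProfile:
    sector: str
    products: frozenset            # what is actually deployed
    critical_vendors: frozenset    # vendors whose compromise cascades to us


@dataclass
class Finding:
    item_id: str
    score: int
    reasons: list
    confidence: str


# Hypothetical weights; a real program tunes these to its risk appetite.
W_PRODUCT, W_VENDOR, W_SECTOR, W_EXPLOITED = 5, 4, 2, 3


def confidence(item: FeedItem) -> str:
    """A claim seen in two independent sources is treated as corroborated."""
    return "corroborated" if len(item.sources) >= 2 else "single-source"


def contextualize(org: OrgProfile, feed) -> list:
    """Keep only items that touch this organization, scored by why they matter."""
    findings = []
    for item in feed:
        score, reasons = 0, []
        hit = item.affected_products & org.products
        if hit:
            score += W_PRODUCT
            reasons.append("affects deployed product(s): " + ", ".join(sorted(hit)))
        vend = item.vendors_involved & org.critical_vendors
        if vend:
            score += W_VENDOR
            reasons.append("involves critical vendor(s): " + ", ".join(sorted(vend)))
        if org.sector in item.sectors_targeted:
            score += W_SECTOR
            reasons.append(f"peers in the {org.sector} sector were hit")
        if score == 0:
            continue  # not our stack, vendors or sector: drop it, do not just downrank
        if item.exploited_in_wild:
            score += W_EXPLOITED  # exploitation matters only once relevance is established
            reasons.append("exploited in the wild")
        findings.append(Finding(item.item_id, score, reasons, confidence(item)))
    findings.sort(key=lambda f: (-f.score, f.item_id))
    return findings


def sample_org() -> OrgProfile:
    # Constructed profile: a healthcare organization.
    return OrgProfile("healthcare", frozenset({"PortalX 3", "MailGW 7"}), frozenset({"ClaimsCo"}))


def sample_feed() -> list:
    # Constructed feed; product and vendor names are placeholders.
    fs = frozenset
    return [
        FeedItem("T1", "ransomware crew exploiting PortalX 3 at hospitals",
                 fs({"PortalX 3"}), fs({"healthcare"}), fs(), True, fs({"vendor advisory", "sector ISAC"})),
        FeedItem("T2", "exploit published for ERPSuite 9",
                 fs({"ERPSuite 9"}), fs({"manufacturing"}), fs(), True, fs({"vendor advisory", "researcher blog"})),
        FeedItem("T3", "claims processor ClaimsCo listed on a leak site",
                 fs(), fs({"healthcare"}), fs({"ClaimsCo"}), False, fs({"leak site"})),
        FeedItem("T4", "credential phishing wave against healthcare staff",
                 fs(), fs({"healthcare"}), fs(), False, fs({"sector ISAC", "MSSP report"})),
    ]


if __name__ == "__main__":
    for f in contextualize(sample_org(), sample_feed()):
        print(f.item_id, f.score, f.confidence, "; ".join(f.reasons))
```

With the constructed data, T2 (an exploited flaw in a product the organization does not run) never reaches the analyst, the vendor leak T3 outranks the sector-wide phishing wave T4, and T3 is flagged single-source so that the cascading-risk call is not made on one unverified leak-site claim.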
Risk Plan Development

When intelligence programs compare data against these reference points, they can deliver insights that inform the actionable steps organizations must take to address the specific risks that actually matter to their business.

This final step might seem the most important, but it’s completely predicated on how rigorously the prior two steps are done. Without accurate, timely data, there can be no contextualized insights. And without contextualized insights, there is no foundation of information on which security teams can make confident, informed risk decisions.

The Benefits of Cyber Risk Intelligence

Cyber risk intelligence benefits businesses by:

Reducing uncertainty

It can be hard for security teams to separate reliable data from false positives. A cyber risk intelligence program vets information for accuracy, for instance by corroborating a claim across independent sources, so organizations can have greater confidence in the insights they receive.

Defining quantitative risk

Cyber risk intelligence can put a dollar amount on risk, that is, its probable financial impact, by using data to build risk scenarios. This gives a quantitative view of risk that states in concrete financial terms how a loss event would affect your organization.
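One way the dollar figure above is produced, as an added example that is not BlackKite's code and not an implementation of the Open FAIR standard itself: a loss scenario is described with three-point estimates for threat event frequency, the probability an event becomes a loss event, and loss magnitude per event, then simulated year by year to get an expected annual loss, tail percentiles, and the probability of exceeding a stated risk appetite. The scenario numbers are constructed, and the triangular distributions stand in for the PERT curves FAIR tooling usually uses; both are assumptions.

```python
"""
FAIR-style quantification of one loss scenario.

Added example: not BlackKite's code and not the Open FAIR standard's
own implementation. Scenario inputs are constructed; triangular
three-point estimates stand in for the PERT curves FAIR tooling usually
uses (an assumption that keeps the arithmetic checkable by hand).
"""
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Tri:
    """Three-point estimate: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def mean(self) -> float:
        return (self.low + self.mode + self.high) / 3

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    name: str
    tef: Tri    # threat event frequency: attempts per year
    vuln: Tri   # probability an attempt becomes a loss event
    loss: Tri   # loss magnitude per loss event, in currency units


def expected_annual_loss(s: Scenario) -> float:
    """FAIR: risk = LEF x LM with LEF = TEF x vulnerability.
    Independent factors let the expectation factorise."""
    return s.tef.mean() * s.vuln.mean() * s.loss.mean()


def poisson(rng: random.Random, lam: float) -> int:
    """Knuth's method; adequate for the small event rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(s: Scenario, trials: int = 20000, seed: int = 7) -> list:
    """One simulated year per trial: draw LEF, draw that many loss events, sum them."""
    rng = random.Random(seed)
    years = []
    for _ in range(trials):
        lef = s.tef.sample(rng) * s.vuln.sample(rng)
        events = poisson(rng, lef)
        years.append(sum(s.loss.sample(rng) for _ in range(events)))
    years.sort()
    return years


def summarize(years: list, appetite: float) -> dict:
    """The numbers a risk owner compares with a stated risk appetite."""
    n = len(years)
    return {
        "mean": statistics.fmean(years),
        "p50": years[n // 2],
        "p95": years[int(0.95 * n)],
        "p_exceeds_appetite": sum(1 for y in years if y > appetite) / n,
    }


# Constructed scenario: ransomware via an internet-facing portal.
SAMPLE = Scenario(
    "ransomware via exposed portal",
    tef=Tri(2, 6, 12),
    vuln=Tri(0.1, 0.3, 0.6),
    loss=Tri(50_000, 200_000, 900_000),
)

if __name__ == "__main__":
    print(f"analytic expected annual loss: {expected_annual_loss(SAMPLE):,.0f}")
    for k, v in summarize(simulate(SAMPLE), appetite=1_000_000).items():
        print(f"{k}: {v:,.2f}")
```

The analytic expected loss (here 23,000,000/27, roughly 852k) is the single number most reports quote, but the simulation is what makes the figure decision-useful: the 95th percentile and the probability of exceeding the appetite show how much worse than average a bad year gets, which is what a control investment or a cyber-insurance limit is actually sized against.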

Identifying high-interest risk areas

Cyber risk intelligence can pinpoint where exactly your organization is most at risk — and why.

Driving better business decisions

Oftentimes, security teams can feel like they’re flying blind when they’re making critical decisions. With cyber risk intelligence, security teams can have more confidence when deciding where to allocate their time, budget, and resources.

Traditional Cyber Risk Intelligence Solutions

Cyber Threat Intelligence

While cyber risk intelligence and cyber threat intelligence are similar, they do not provide the same level of value to organizations determined to ramp up their cyber defenses.

Cyber threat intelligence primarily covers searching for, gathering, and organizing data. It is purely about finding and identifying information.

The major shortcoming of cyber threat intelligence lies in its name. It covers only the identification of threats in the landscape, not the actual risk those threats pose to your business, or what happens if they turn into successful attacks, leaks, and breaches.

Cyber threat intelligence fails to deliver what organizations need to navigate today’s threat landscape because:

  • It’s data without any insights. Security teams can do very little with data alone. Receiving uncontextualized data leaves them with the additional time-consuming task of figuring out what that data means for their organization.
  • It introduces an unmanageable data avalanche — that isn’t always accurate. Cyber threat intelligence exacerbates data overload because it requires security teams to parse through data themselves to identify what’s relevant to their organization — and ensure the information they’ve received is even correct.
  • It’s rife with false positives. Again, cyber threat intelligence encompasses only data identification and collection. It does not guarantee that the data that reaches your organization is accurate, which can lead security teams down a misinformed path and result in haphazard critical decisions.

Cyber risk intelligence makes sense of cyber threat intelligence, transforming data into insights from a risk-based perspective.

Security Rating Services

Many organizations traditionally leverage security rating services (SRS) to deliver cyber risk intelligence.

These services define and determine ratings for vendors, tools, and other third-party services based on their cyber hygiene. However, there are serious drawbacks to solely relying on static ratings to provide cyber risk intelligence. Organizations accumulate intelligence gaps when they only use SRS tools because:

  • They’re opaque. SRS tools determine ratings in a black box, which means organizations often have no insight into how risk scores are determined. Ultimately, this reduces the level of confidence security teams can have in ratings, as they cannot see what controls an SRS used to determine those scores in the first place.
  • They lack context. Ratings are presented as objective pictures of risk, but a score stripped of context tells an organization little. Risk is relative to the organization judging it, because no two organizations have the same risk appetite or the same dependence on a given vendor. One vendor with a B letter grade might present an acceptable level of risk to one organization and an unacceptable level to another.
  • They can’t drive decisions. Because SRS tools are only responsible for determining static scores, they lack the necessary context and in-depth analysis that security teams require to make critical decisions — both with speed and at scale.

These factors result in significant intelligence blindspots that can make or break your organization’s defenses.

Get Contextualized Insights, in Real Time

A robust cyber risk intelligence program should:

  • Illuminate your entire risk ecosystem.
  • Reduce risk exposure.
  • Empower better business decisions.

When organizations leverage cyber risk intelligence programs that account for context, they can rest assured that their insights are:

Accurate

Risk intelligence programs check data points against one another, so that a claim is corroborated before it is reported and the number of false positives in play is reduced.

Relevant

Cyber risk intelligence measures data against your organization’s specific frameworks, controls, and risk appetite. This prevents security teams from wasting time with data that does not have an impact.

Driving action

With the right cyber risk intelligence, security teams can determine for themselves the next best course of action. Plus, decisions come faster and easier when intelligence can inform risk’s financial impact.

Additionally, cyber risk intelligence cannot be treated as a way of maintaining the status quo. Effective cyber risk intelligence solutions are built around the threat landscape’s only constant: change.

Our Cyber Risk Intelligence Starter Pack

Looking to expand your knowledge on building out your cyber risk intelligence program but unsure where to start? Check out our starter pack of cyber risk intelligence essentials:

What Is Cyber Risk Intelligence?

Still foggy on cyber risk intelligence? This blog post gives a fast, readable 101 on the process that’s critical to your organization’s defense, and shows how security teams can use it in practical scenarios to drive better decisions.


The True Impact of Concentration and Cascading Risk

This eBook dives into two critical types of cyber risk that all organizations have but that most aren’t keeping tabs on. Learn how to classify and prioritize these rising areas of cyber risk and efficiently resolve unacceptable risk, instead of just putting a band-aid on it.
