How Cyber Risk Intelligence Works
Information Gathering
Cyber risk intelligence leverages thousands upon thousands of data points to deliver the insights your organization needs to stay readily armed against potential attacks. Most cyber risk intelligence programs utilize open-source intelligence (OSINT) to gather that information. OSINT is data collected from publicly available sources that security teams can use in an intelligence context.
In the most successful cyber risk intelligence programs, security companies continuously scan social media, websites, and networks across the web for information on new attacks, leaks, breaches, and vulnerabilities, keeping their finger on the pulse of the latest changes in the threat landscape.
OSINT can be collected from security companies — or it can even come from hackers themselves. In fact, sometimes the data provided by threat actors can be the most useful to organizations since it’s coming directly from the source.
Contextualized Data Analysis
Once information gathering is complete, cyber risk intelligence programs then transform data into contextualized insights that provide a foundation for better business decisions. To do so, any cyber risk intelligence program worth its salt will take the data it has collected and measure it against concerns specific to an organization.
For instance, a risk intelligence program for a healthcare organization might deprioritize data on a recent string of attacks exploiting a vulnerability the organization does not have, while prioritizing recent attacks on similar healthcare companies. This measurement process accounts for the reality that not every event on the threat landscape will be as important — or even relevant — to every organization.
Typically, cyber risk intelligence incorporates a 360-degree view of risk by applying:
- Compliance frameworks, like NIST 800-53, ISO 27001, and GDPR.
- Financial frameworks, like Open FAIR™.
- Insights on specific, active threats, such as ransomware or exploits of critical vulnerabilities (CVEs).
- Insights on an organization’s essential business processes and what threats affect them, such as critical vendors or vendors with cascading risk.
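The contextualization step described above, as an added example that is not part of the original article or any vendor's product: a small relevance scorer that ranks threat-feed items against one organization's profile. The profile fields, weights, product and vendor names, and feed items are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class OrgProfile:
    sector: str
    deployed_products: set   # from the asset inventory
    critical_vendors: set    # vendors behind essential business processes

@dataclass
class ThreatEvent:
    title: str
    affected_products: set = field(default_factory=set)
    victim_sector: str = ""
    victim_vendor: str = ""

# Assumed weights, chosen only for illustration.
WEIGHTS = {"exposed_product": 5, "critical_vendor": 4, "same_sector": 3}

def score(event, org):
    """Return (score, reasons) for one event against one organization."""
    reasons = []
    if event.affected_products & org.deployed_products:
        reasons.append("exposed_product")   # the organization runs the affected product
    if event.victim_vendor in org.critical_vendors:
        reasons.append("critical_vendor")   # cascading risk through a vendor
    if event.victim_sector == org.sector:
        reasons.append("same_sector")       # peers are being targeted
    return sum(WEIGHTS[r] for r in reasons), reasons

def prioritize(events, org):
    """Rank events by relevance, highest first (ties keep feed order)."""
    scored = [(e.title, *score(e, org)) for e in events]
    return sorted(scored, key=lambda row: -row[1])

# Constructed sample data: a healthcare organization and four feed items.
ORG = OrgProfile("healthcare", {"ehr-portal", "vpn-gateway"}, {"billing-co"})
EVENTS = [
    ThreatEvent("Attacks on file-transfer appliance flaw", {"file-transfer-appliance"}, "finance"),
    ThreatEvent("Ransomware at regional hospital group", victim_sector="healthcare"),
    ThreatEvent("Breach at billing-co", victim_sector="services", victim_vendor="billing-co"),
    ThreatEvent("Exploited flaw in vpn-gateway", {"vpn-gateway"}, "healthcare"),
]

if __name__ == "__main__":
    for title, points, reasons in prioritize(EVENTS, ORG):
        print(f"{points:>2}  {title}  {reasons}")
```

The file-transfer item scores zero because the product is absent from the inventory and the victims are in another sector, which is the deprioritization the healthcare example describes.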
Risk Plan Development
When intelligence programs compare data against these control points, they can deliver the insights that inform actionable steps organizations must take to address the specific risks that actually matter to their business.
This final step might seem the most important, but it’s completely predicated on how rigorously the prior two steps are done. Without accurate, timely data, there can be no contextualized insights. And without contextualized insights, there is no foundation of information on which security teams can make confident, informed risk decisions.