Threat analysis as a tool for efficient security strategies

“If you know the enemy and know yourself, you needn't fear the outcome of a hundred battles.” (Sun Tzu)

Often, the first question when faced with defining an organization's security strategy revolves around the frameworks and working methodologies used. NIST CSF and ISO 27001 are the most recognized and widely used for designing security strategies that help increase the security of an organization's information.
The sad reality for many security managers is a lack of resources, both financial and human, to implement all the controls that make up a comprehensive security strategy. Therefore, it is important to identify the areas most likely to be affected in order to create an efficient security strategy.
Security Strategies: Identifying Susceptible Elements
In these cases, one of the most effective options is to try to identify the elements most susceptible to attack, the most exposed, the most vulnerable. Then, understand who our most likely adversaries are.
An organization's main characteristics largely define its attractiveness to an attacker. What are our organization's main characteristics? What parameters define an organization's internal threat context? We can look at several elements: the sector and type of service are relevant, but also the organization's size, its financial statements, its client types, internet exposure, information sensitivity, etc.

Now let's put ourselves in the shoes of an attacker. What interest might an attacker have in my organization? The greatest motivation is usually financial gain. Currently, cybercrime is one of the most profitable illegal activities in existence, surpassing drug or arms trafficking. However, there are other objectives, such as espionage or damaging a company's availability and reputation.
If we look at the external context, we must be aware of events occurring in companies with similar characteristics or appeal. What are the main threats and most notorious incidents currently? For several years now, the word ransomware has been heard frequently, and other types of threats, such as DDoS attacks, are so common that they don't even attract the attention of the industry. However, in recent weeks, there have been several cases of significant information leaks at entities of different sectors and sizes, including giants with significant capabilities.
A curious characteristic of the most sophisticated attackers—such as organized crime groups—is that they use similar tactics, techniques, and procedures. This can be interpreted as a signature of their activities, a kind of pattern that can become an identifying factor.

Technology in threat analysis
And what about technology? It's obviously a factor to consider, but with caution. Artificial Intelligence and Quantum Computing are constantly being talked about in the offensive technology hype cycle. However, today, AI augments certain capabilities of attackers with fewer resources, and quantum computing isn't yet mature enough to pose a real threat. But beware: both technologies are characterized by rapid development.
Well, if we know our weaknesses, our attractiveness, who our main opponents will be, their motivations, characteristics, and even their modus operandi, we will better focus our efforts on protecting our most vulnerable elements from attack in the face of the most frequent events.