Recency
Cyber Risk Management is getting difficult. On the one hand, as cyber tools become ever more capable, they are increasingly used to service the work of nation states and their increasingly resourceful and resourced criminal counterparts.
On the other hand, as regulations and law enforcement activity becomes increasingly prevalent and effective, the perpetrators for cyber crime are becoming risk-adverse—an increasing number of cyber criminals are becoming malware authors for hire.
Relevance
Is it possible to mitigate these mega-risks with a barrage of resources (possibly superior), an impaired regulatory environment and questionable or non-existent penalties for nations that support cyber criminals? Of course, the answer is no. Here’s where Business Threat Intelligence can help:
Measurable
Business Threat Intelligence is about transparency, analysis and communicating the findings of that research to multiple stakeholders to create a common understanding among all parties, to create a shared behavior. This increases the efficiency of the team because they are ‘always on’ and can spend less time deconstructing the levers that can influence the risk environment.
Subjective
Business Threat Intelligence is about objective research into the soft environment: human factors such as economic activity, activity in commerce and business, community dynamics, all of which influences and is influenced by cyber risk.
Interaction
Just because a cyber crime exists is no reason not to chase it. For example, a criminal may receive money from the sale of a product. That’s an actionable offense and there’s plenty of opportunities to put the screws to this organizational information security system to get information on the seller, the customer, the market, the merchant service providers and on and on. Information itself accomplishes a lot of risk mitigation.
Transparency
Business Threat Intelligence is about some of the most comprehensive and accurate information on the internet without becoming the de facto single source of truth. Intelligence also means arresting your own organization’s cyber risk by mitigating or losing employees along with their cyber related knowledge.
Perform
Business Threat Intelligence is about trust in your partners and contacts and playing an important role in the mitigation of risk.