A Gartner study, “Security and Risk Management Scenario Planning, 2020,” found that by the year 2020, 30% of all global 200 companies will have been directly impacted by independent cyber criminals or cyber activists. The claim is not entirely surprising: most organizations focus on control gaps and vulnerabilities when performing their risk assessments and neglect to take threats into account, because threat strategies, competences, and actions are hard to determine.
At the 2014 RSA Conference, a major topic was threat management and intelligence. Not only were the topics covered in workshops and presentations, but a large number of vendors showcased their newest security threat technology. The goal was to assist security professionals in strengthening their existing security protocols with better visibility.
For a security incident to occur, there must be a vulnerability present in some form, such as:
Then a threat must discover and exploit that vulnerability. Typically, security professionals have no control over the threats that affect their business, which has in the past led them to neglect threats as part of risk assessment. Instead, the focus is put on more visible facts like vulnerabilities and control failures. But the number of vulnerabilities facing businesses today has expanded at staggering rates – it’s nearly impossible to deal with all of them without trying to determine the likelihood that they will be exploited.
Gartner predicts that by 2020, 25% of global enterprises will engage the services of a “cyberwar mercenary” organization, including threat intelligence services. Subscribing to these services is cost-prohibitive for many businesses because subscriptions run up to hundreds of thousands of dollars each year. In addition, threat intelligence is not yet a mature market, and it has inherent weaknesses such as the lack of measurement parameters (like reliability of information and risk assessment).
Threat intelligence services add to the volume, velocity, and complexity of data feeds that need to be analyzed and prioritized. They require experts who can go through huge volumes of information to correlate threat intelligence, vulnerability data, and other files.
Luckily, new technology is always emerging, and with big data risk management it will be easier not only to combine different threat intelligence feeds, but also to associate security data with its business criticality or risk level to the organization.