An expert suggests that IT risk management should be made part of a company’s cyber threat intelligence (CTI) program, instead of being completely separate from it.
Risk management involves a careful balance of the operational and economic costs of protecting operations, whereas CTI deals more with researching and analyzing cybercrime trends.
In a feature on SecurityWeek.com, SurfWatch Labs chief security strategist Adam Meyer argues that by integrating digital risk monitoring into an operation’s CTI capability, an organization should be able to better understand its weak points, discover how malicious actors’ capabilities align with the opportunities it presents them, and find ways to stay one step ahead of cyber attackers.
According to Meyer, digital risk management should be a part of CTI for the following reasons:
- It is collecting data on risks and threats to your organization
- It is informing decision makers as to their “level of presence” within the digital realm
- When data is collected it is evaluated based on impact to the organization
- You can derive “Course of Action” from the effort and seek to change outcomes
- You can understand what actor motivations and intentions are as it directly relates to your organization
Meyer also stresses that incorporating risk management into CTI would allow an organization to consider the potential business risk of a cyber threat, aside from the information security danger it poses.
Different areas of digital risk exist, Meyer pointed out, and they can suddenly manifest depending on the opportunities an organization presents to its would-be attackers. Employees could be manipulated into giving up sensitive information via a social engineering technique, IoT devices can be exploited to gather information, and online supply chains could be abused by hackers to steal customer information. These issues are not readily apparent to an organization, and managing them properly will require enough visibility and understanding of risk levels.
“Understanding your digital risk is a key ingredient to the mix when crafting or adding to a threat intelligence program,” he said.