How Can Organizations Learn About Cyber Campaigns?
Information on cyber campaigns can be found from both public and private sources. The first blog post in this series discussed multiple publicly accessible websites that offer information on cyber attacks and campaigns. Mentioned sources included news or threat intelligence reports and documents shared by both think tanks and government agencies.
Threat intelligence platforms, interactive interfaces that present information about cyber attacks, also provide information on cyber campaigns. Some threat intelligence platforms are open to the public and let public users access the data that organizations store on cyber attacks and movements.
VerSprite, for example, hosts Signas, a threat intelligence platform that allows organizations to upload and manage information on cyber attacks and campaigns in the STIX II data format. Signas lets users keep their data private and share it only with VerSprite, or share it publicly. Publicly shared data allows all other Signas users to learn from the data other users upload. Organizations or individuals interested in Signas can register to use the platform by emailing [email protected].
What are the Benefits of Structuring Information on Cyber Attacks and Campaigns in the STIX Data Format?
Organizations benefit from structuring cyber attack data in the STIX format for two main reasons:
Interpretability – persons with or without cybersecurity industry experience can easily understand STIX formatted data. Organizations can therefore feature STIX data in organizational reports, hand-outs, and presentations that audiences can grasp.
Transferability – STIX data can also be shared via TAXII servers or other digital data transfer mechanisms to relay information about cyber attacks. Communicating information, especially on current trends such as hacktivism related to repeated police brutality, is essential for organizations that analyze and learn from cyber attacks and campaigns.
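To make both points concrete, here is an added example (not VerSprite's or Signas's code) that models a campaign of two attacks as a STIX bundle, serializes it to the JSON that would be exchanged, and renders the relationships as plain sentences for a report. It assumes STIX 2.1 property names; every name, timestamp, and domain in it is constructed for illustration.

```python
import json
import uuid

TS = "2020-06-15T00:00:00.000Z"  # constructed timestamp

def sdo(stix_type, **props):
    """Build a STIX 2.1 object with the common required properties."""
    return {"type": stix_type, "spec_version": "2.1",
            "id": f"{stix_type}--{uuid.uuid4()}",
            "created": TS, "modified": TS, **props}

def relate(source, rel_type, target):
    """Link two objects with a STIX relationship object (SRO)."""
    return sdo("relationship", relationship_type=rel_type,
               source_ref=source["id"], target_ref=target["id"])

def build_bundle():
    # Constructed sample data: one campaign made up of two attack patterns.
    campaign = sdo("campaign", name="Example hacktivist campaign (constructed)",
                   description="Two related attacks against one sector.")
    defacement = sdo("attack-pattern", name="Website defacement")
    ddos = sdo("attack-pattern", name="Distributed denial of service")
    indicator = sdo("indicator", name="Defacement staging host",
                    pattern="[domain-name:value = 'staging.example.com']",
                    pattern_type="stix", valid_from=TS)
    objects = [campaign, defacement, ddos, indicator,
               relate(campaign, "uses", defacement),
               relate(campaign, "uses", ddos),
               relate(indicator, "indicates", campaign)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

def summarize(bundle):
    """Render each relationship as a plain sentence for a report."""
    names = {o["id"]: o["name"] for o in bundle["objects"] if "name" in o}
    return sorted(
        f'{names[o["source_ref"]]} {o["relationship_type"]} {names[o["target_ref"]]}'
        for o in bundle["objects"] if o["type"] == "relationship")

if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))  # the JSON a TAXII server would carry
    print("\n".join(summarize(bundle)))
```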
Why Analyze Cyber Campaigns?
Cyber campaigns can provide risk management and security teams insights into cybersecurity and geopolitical risks. By definition, cyber campaigns feature information on more than one cyber attack. This means cyber campaigns:
provide multiple cyber attacks for researchers to analyze
can demonstrate how cyber attacking a target is meaningful to a threat actor
can provide multiple insights on the successes and failures of organizational cybersecurity policies, practices, and procedures
These three factors make cyber campaigns useful for security teams, intelligence agencies, and academic institutions to analyze.
Cyber Campaigns Offer Insights into Cybersecurity and Geopolitical Risk
Cyber campaigns offer deep insights into cybersecurity and geopolitical risks for private sector companies. The Venn diagram below summarizes specific concepts related to both geopolitical and cybersecurity risks that cyber campaigns can provide information on:
A list of concepts cyber campaigns provide information on regarding geopolitical and cybersecurity risks
As one of the only cybersecurity consulting firms with a geopolitical risk practice group, VerSprite understands how cyber campaigns reported worldwide affect the security of multi-national organizations. VerSprite has the resources and expertise to mitigate potential geopolitical and cybersecurity risks that are top concerns for business leaders worldwide.
What Can Cybersecurity Professionals Learn from Cyber Campaigns?
Third-party cybersecurity consultants, internal information security teams, information security team leaders, CISOs, and government counterintelligence agencies can use cyber campaigns to understand various dynamics of cybersecurity risks. Security professionals can strengthen organizational cybersecurity policies, practices, and procedures by having a deeper understanding of these risks and how they are related. In particular, cybersecurity professionals can learn about the following:
Sources of risk, such as third parties, including industry affiliates, potential vulnerabilities, or malpractices of institutions.
Information that helps resolve cyber attacks against industries, such as escalation techniques of threat actors, everyday uses of credentials collected by cyber criminals, or threat actors’ tactics, techniques, and procedures (TTPs). This information can also be used to mitigate the damages of an active compromise.
Characteristics of cyber risk that can help security teams assign priority levels in cybersecurity policies, practices, and procedures, such as incident response plans. Some characteristics of interest to information security teams include damages of common industry attacks, success rates of an attack technique, escalation capabilities of threat actors based on vulnerability exploited, attack techniques used by specific threat actors, and industry attack trends.
These various components of cyber risk can be used by third-party consultants to make more sophisticated service offerings. CISOs and security teams can use these insights to write policies that mitigate organization-specific cybersecurity risks based on cyber risk factors that cyber campaigns reveal. Organizations can also develop state-of-the-art organizational threat models or charts which depict how threat actors could compromise various applications, or data and process flows of an organization, based on cyber campaign data.
Information security teams, in particular, benefit from knowing which third parties threat actors are more likely to target based on patterns observable in cyber campaigns, such as the specific data threat actors frequently target. Information security teams also benefit from basing red teaming exercises on previous campaigns conducted by cybercriminals, knowing which attack techniques to prepare against, and basing security training exercises on incident analysis encompassing everything from packet captures (PCAPs) to indicators of compromise used by threat actors who target similar organizations.
What Can Business Executives and Geopolitical Risk Management Professionals Learn from Cyber Campaigns?
Political consultants, project managers, C-suite executives, organizational presidents, government intelligence agencies and branches, security policy writers, and public relations specialists can use an understanding of cyber campaigns to avoid specific risks associated with business expansion, location, and third-party vendors. Cyber campaigns can also help business executives understand that certain business practices are riskier than others. The geopolitical insights that cyber campaigns can offer professionals surveying geopolitical risks are listed below:
Locations with heightened security risks, including locations with civil upheaval, locations at risk due to poor international relations, or countries with corrupt governments. Organizations may also face increased risks in defined spaces because of strategic assets, including high-value target data such as corporate secrets or military intelligence.
Marketplace practices that present risks, such as adopting various technologies or following practices related to social, environmental, and health-related responsibilities, such as working remotely due to social distancing.
Information on third-party risks, such as target data of interest, sector-specific attacks, or location-based threats.
Risks predictable from the behaviors of threat actors, such as corporate espionage attempts, property destruction, or business disruptions.
Cyber campaigns provide intelligence that can help business executives and risk management specialists avoid risks specific to various locations, create business models that address geopolitical and cyber-centric risks, make security policies that mitigate third-party risks, and prepare for risks presented by nefarious actors, such as cybercriminals or nation-state backed threat actors.
Risk consulting firms, government intelligence community members, and public relations specialists, in particular, can relay more informed advisories and intelligence reports, design more detailed disaster recovery plans, and write business models that address geopolitical risks by examining cyber campaigns.
What Services Does VerSprite Offer Based on Cyber Campaigns?
Cyber campaigns are foundational for many of VerSprite’s services and deliverables. Beyond hosting Signas for organizations worldwide, VerSprite also gathers intelligence on cyber movements from more private sources. These public and private sources provide the information on which the Geopolitical Risk Team bases service offerings, such as geopolitical and cybersecurity risk assessments, market entry analyses, interactive simulations, on-demand consultations, mergers, acquisitions, talent assessments, or third-party risk assessments.
VerSprite also specializes in providing threat intelligence services based on data from cyber campaigns. Our security consultants can provide organizations with threat intelligence reports that provide information on both threat actors and suspicious activities within computer networks or infrastructure. Information on threat actors helps security teams resolve active compromises quickly because organizations can more easily deduce which threat actors are likely conducting an attack.
Information on suspicious activities and threat actors also helps organizations in two additional ways. First, security teams can respond to active compromises quickly by knowing which threat actors target similar companies. Second, internal security teams that discover suspicious activities within organizational infrastructure can determine which data processes, flows, and applications to remediate based on the probability an attack may escalate or the extent of possible damages during threat and vulnerability lifecycle assessments. Cyber campaigns provide information, grounded in reality, on the possibility of attack escalation and the spread of potential injuries.
Want to learn more about STIX or Geopolitical Risk?
Cybersecurity and geopolitics are inextricably linked. To holistically tackle threats to our information security, we must take a step back and examine their causal roots and drivers, which take place day after day on the international stage.