In this second article of a three-part series, VerSprite discusses how independent consultants and organizations can learn about geopolitical and cybersecurity risks from cyber campaigns.
As defined by the Structured Threat Intelligence eXpression data standard, or STIX, cyber campaigns are a series of cyber attacks conducted against an entity for a specific purpose.
Information on cyber campaigns can be found from both public and private sources. The first blog post in this series discussed multiple publicly accessible websites that offer information on cyber attacks and campaigns. Mentioned sources included news or threat intelligence reports and documents shared by both think-tanks and government agencies.
Threat intelligence platforms, or interactive interfaces, that present information about cyber attacks also provide information on cyber campaigns. Some threat intelligence platforms are accessible to the public and allow public users to access data organizations store on cyber attacks and campaigns.
VerSprite, for example, hosts Signas, a threat intelligence platform that allows organizations to upload and manage information on cyber attacks and campaigns in the STIX II data format. Signas users can either keep their data private, sharing it only with VerSprite, or choose to share it publicly. Publicly shared data allows all other Signas users to learn from the data other users upload. Organizations or individuals interested in Signas can register to use the platform by emailing [email protected].
Two main reasons organizations benefit from structuring cyber attack data in the STIX format include:
Cyber campaigns can provide risk management and security teams insights into cybersecurity and geopolitical risks. By definition, cyber campaigns feature information on more than one cyber attack. This means cyber campaigns:
These three factors make cyber campaigns useful for security teams, intelligence agencies, and academic institutions to analyze.
Cyber campaigns offer deep insights into both cybersecurity and geopolitical risks for private sector companies. The Venn diagram below summarizes specific concepts related to both geopolitical and cybersecurity risks that cyber campaigns can provide information on:
As one of the only cybersecurity consulting firms with a geopolitical risk practice group, VerSprite understands how cyber campaigns reported around the world affect the security of multi-national organizations. VerSprite has the resources and expertise to mitigate potential geopolitical and cybersecurity risks that are top concerns for business leaders around the world.
Third-party cybersecurity consultants, internal information security teams, information security team leaders, CISOs, and government counterintelligence agencies can use cyber campaigns to understand various dynamics of cybersecurity risks. By having a deeper understanding of these risks and how they are related, security professionals can strengthen organizational cybersecurity policies, practices, and procedures. In particular, cybersecurity professionals can learn about:
Third-party consultants can use these components of cyber risk to build more sophisticated service offerings. CISOs and security teams can use these insights to write policies that mitigate organization-specific cybersecurity risks based on the cyber risk factors that cyber campaigns reveal. Organizations can also use cyber campaign data to develop state-of-the-art organizational threat models, or charts that depict how threat actors could compromise the various applications, data flows, and process flows of an organization.
Information security teams, in particular, benefit from knowing which third parties threat actors are more likely to target, based on patterns observable in cyber campaigns, such as the data that specific threat actors frequently target. Information security teams also benefit from basing red teaming exercises on previous campaigns conducted by cybercriminals, knowing which attack techniques to prepare against, and basing security training exercises on incident analysis encompassing everything from packet captures (PCAPs) to indicators of compromise used by threat actors who target similar organizations.
Political consultants, project managers, C-suite executives, organizational presidents, government intelligence agencies and branches, security policy writers, and public relations specialists can study cyber campaigns to avoid specific risks associated with business expansion, location, and third-party vendors. Cyber campaigns can also help business executives understand which business practices are riskier than others. The geopolitical insights that cyber campaigns can offer professionals surveying geopolitical risks are listed below:
Cyber campaigns provide intelligence that can help business executives and risk management specialists avoid risks specific to various locations, create business models that address geopolitical and cyber-centric risks, make security policies that mitigate third-party risks, and prepare for risks presented by nefarious actors, such as cybercriminals or nation-state-backed threat actors.
Risk consulting firms, government intelligence community members, and public relations specialists, in particular, can relay more informed advisories and intelligence reports, design more detailed disaster recovery plans, and write business models that address geopolitical risks by examining cyber campaigns.
Cyber campaigns are foundational for many of VerSprite’s services and deliverables. Beyond hosting Signas for organizations around the world, VerSprite also gathers intelligence on cyber campaigns from more private sources. These public and private sources provide the information on which the Geopolitical Risk Team bases its service offerings, such as geopolitical and cybersecurity risk assessments; market entry analyses; interactive simulations; on-demand consultations; merger, acquisition, and talent assessments; and third-party risk assessments.
VerSprite also specializes in providing threat intelligence services based on data from cyber campaigns. Our security consultants can provide organizations with threat intelligence reports that provide information on both threat actors and suspicious activities within computer networks or infrastructure. Information on threat actors helps security teams resolve active compromises quickly because organizations can more easily deduce which threat actors are likely conducting an attack.
Information on suspicious activities and threat actors also helps organizations in two additional ways. First, security teams can respond to active compromises quickly by knowing which threat actors target similar companies. Second, internal security teams that discover suspicious activities within organizational infrastructure can determine which data processes, flows, and applications to remediate, based on the probability that an attack may escalate or the extent of possible damages, during threat and vulnerability lifecycle assessments. Cyber campaigns provide information, grounded in reality, on the possibility of attack escalation and the extent of possible damages.
VerSprite offers a library of articles, webinars, ebooks, and more that organizations and individuals can access to learn more about geopolitical risks. The ‘What is Geopolitical Risk & Why Do You Need It?’ blog post can help readers understand how geopolitics present risks to organizations regardless of size or location.
VerSprite also offers resources on application security testing and development, topics related to cybersecurity legal compliance, threat and vulnerability management, and other cybersecurity-centric topics.
VerSprite is a cybersecurity consulting firm that specializes in providing businesses with risk management solutions. Practice areas of VerSprite include application technology solutions, development interface specializations, governance and compliance measures, and more. VerSprite’s Geopolitical Risk (GPR) team focuses on mitigating cybersecurity risks foreshadowed by geopolitical occurrences.
Organizations can learn about their threat environments by contacting VerSprite’s security experts. Traditional services of GPR include conducting due diligence investigations, vetting vendors and partners, preparing businesses for expansion, and assessing the effectiveness of cybersecurity plans or strategies. Businesses working with partnering companies should also consider merger and acquisition and joint business services.