Organizations and their third parties face a significant challenge when it comes to understanding the increasing number of cyber risks posed to their ecosystems. But a great way to overcome this challenge is to measure your security, as well as the security of your third parties, against cyber threat uses cases.
By analyzing real-world events and known community concerns against your and your third party’s controls, you can better understand the potential impacts of various security incidents, and identify and prioritize risk. Further, comparing threat use cases against existing cyber security controls will enable your organization to have informed conversations about gaps in controls that could lead to security incidents.
Here are three use cases that can be used to identify opportunities to proactively improve your risk posture.
By improving or implementing security controls around these use cases, you can effectively prevent or counter an attacker’s moves. For example, if we look closer at the DDoS use case example, we can identify insights on how to counter the steps a DDoS attacker may take:
An attacker states their intent on the dark web to execute a DDoS attack against specific banks.
Countermeasure: The bank leverages threat intelligence to monitor for threats that may impact their business.
The attacker creates a plan and method for the DDoS attack.
Countermeasure: The bank shares threat intel through its information sharing program with its third parties.
The attacker initiates the DDoS attack against the bank.
Countermeasure: The bank and its partners have implemented technical DDoS mitigation controls to limit the impact of the attack.
Your organization's understanding can be improved by applying multiple threat analytical models to map threat actor techniques and identify security controls that can be effective in preventing, detecting, and correcting security incidents. By understanding threat actor motivations and techniques, we can help prioritize limited resources towards protecting against the greatest risks you are facing.