The Concept of Threat (and stuff)
Threats, Risk and Vulnerabilities
<aside>
Threats
</aside>
Threats are the things that want to cause harm to the organisation.
<aside>
Vulnerabilities
</aside>
- The flaws that someone can use to cause harm
- Prioritisation is important, rather than going all out trying to control every single vulnerability
<aside>
What is risk?
</aside>
- We know prevention and detection are important, but at the end of the day everything we do is about reducing risk
- Risk is the likelihood of something bad happening to our entity
$$
Risk = Threats \times Vulnerabilities
$$
- To minimise risk, we must reduce either the threats or the vulnerabilities. But threats cannot be controlled (how would we control the things that want to cause us harm?), so in practice reducing risk means reducing our vulnerabilities
Threat mapping
The continuous process of tracking and understanding critical threats to our entity.
<aside>
How to do threat mapping?
</aside>
- Before even spending a dime on security, we need to ask ourselves three things: What is the risk? Is it the highest priority? What would be the most cost-effective way to reduce this risk?
- Take a single piece of paper (deliberately no more than one: with limited space, we will only write down the things that are important) and split it into three columns:

- Column 1: Our critical assets and the business processes that support them
- Column 2: Who would want to cause harm to our organisation?
- Column 3 (the security roadmap): The vulnerabilities that would help these threats manifest
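As an added example (not part of the original notes), the three-column map and the three questions above can be turned into a small prioritiser: it applies Risk = Threats × Vulnerabilities per row, ranks the rows, and, since threats cannot be controlled, scores each candidate control by how much of the vulnerability term it removes per unit of cost. All assets, agents, flaws, scores and costs below are constructed sample values.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    asset: str          # column 1: critical asset or business process
    threat_agent: str   # column 2: who would want to cause harm
    threat: int         # capability + motivation of that agent, 1..5 (constructed scale)
    vulnerability: str  # column 3: flaw that lets the threat manifest
    vuln_score: int     # how easily the flaw can be used, 1..5 (constructed scale)
    control: str        # candidate mitigation for that vulnerability
    control_cost: int   # relative cost of the control (constructed)
    residual_vuln: int  # vuln_score expected after the control, 1..5


# Constructed sample threat map, not data from the notes.
THREAT_MAP = [
    Entry("customer database", "cyber criminals", 4, "unpatched DB server", 5,
          "patch + network segmentation", 5, 1),
    Entry("payroll process", "insider", 3, "shared admin password", 4,
          "per-user accounts + MFA", 2, 1),
    Entry("public website", "hacktivists", 2, "outdated CMS plugin", 3,
          "plugin update", 1, 1),
    Entry("R&D file share", "APT", 5, "no egress monitoring", 3,
          "DLP + egress logging", 5, 2),
]


def risk(e: Entry) -> int:
    """Question 1: Risk = Threats * Vulnerabilities, as in the notes."""
    return e.threat * e.vuln_score


def ranked_by_risk(entries: list[Entry]) -> list[Entry]:
    """Question 2: which risk is the highest priority? (highest first)"""
    return sorted(entries, key=risk, reverse=True)


def risk_reduction_per_cost(e: Entry) -> float:
    """Question 3: the threat term stays fixed, so a control only lowers
    the vulnerability term; score it by risk removed per unit of cost."""
    removed = e.threat * (e.vuln_score - e.residual_vuln)
    return removed / e.control_cost


def most_cost_effective(entries: list[Entry]) -> Entry:
    return max(entries, key=risk_reduction_per_cost)
```

Note that the highest-risk row and the most cost-effective control need not coincide, which is exactly why the notes ask the second and third questions separately.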
Threat agents
- Somebody (individual, group of people, organisation) capable and motivated to carry out an attack using their own techniques.
- Different threat agents have different goals, different attack techniques, and different levels of risk tolerance.
- Natural disasters also count as threat agents
<aside>
Cyber Criminals
</aside>
Criminals who profit from computer-based illegal activities; they generally have a low risk tolerance and try to earn the maximum money from the minimum effort.
<aside>
Hacktivists
</aside>
They don't cover their tracks, and voluntarily disclose what they see as public wrongdoing and other illegal activity.
<aside>
Advanced Persistent Threats (Cyber Espionage)
</aside>
- They're well funded and sometimes government-sponsored, with a very specific mission (such as gathering intelligence, or causing disruption to subvert the interests of an entity) and exceptional team organisation
- Their attacks are highly targeted and sophisticated; these are people who will go to any length to get what they want, not just the low-hanging fruit, and do it in the sneakiest way possible
- Their persistence lasts from months to years

Dealing With Insider Threats
What if someone on the inside wants to hurt the organisation, stealing and exfiltrating data? That someone is referred to as an insider threat, and it can be anyone from an employee to a business partner.
<aside>
Identification of Insider Activity
</aside>
All of this must be done only after consulting the HR department and getting their approval.
- Gathering intelligence on system activity: What sites are being visited? Which servers? etc.
- Monitoring message boards for posted financial or merger information, and gathering intelligence on our employees' activities
<aside>
Insider Threat Assessment Checklist
</aside>
- [ ] Identify the hardware equipment being used
- [ ] Identify the operating system
- [ ] Identify the suspect's IP address
- [ ] Monitor their online activity and IP address
- [ ] Monitor their email address and the numbers being called
- [ ] Monitor their work habits
- [ ] Perform an off-hours visit and create a system image of their computer for digital forensics
- [ ] Review the data present on the machine
- [ ] Summarise the findings
- [ ] Interview the insider if required and do background checks on the insider
Dealing with Intellectual Property Cases
<aside>
Preparation: Surveying our Intellectual Property
</aside>
- Do we have trademarks for our brand?
- Is our core material copyrighted?
- Can we identify trade secrets?
<aside>
Containment: Criminal or Civil Case?
</aside>
- We should work with lawyers to decide which it is
- If it's a criminal case, we should contact law enforcement
- If it's a civil case, the lawyers should issue a cease and desist letter
<aside>
Identification
</aside>
Looking for leaks and theft
Cyber Laws