Commissioned by CYFIRMA
1 Introduction / Executive Summary
Cyber risks are on the rise. The number of attacks is growing. Each day, new vulnerabilities are identified. More and more organizations fall victim to cyber-attacks. While cybersecurity has moved into the focus of the board of management, and while cybersecurity spending has been increased, the effectiveness and efficiency of many of the cybersecurity activities must be questioned.
There are three more aspects to consider. Cybersecurity spending will never be able to grow as fast as attacks increase. Just trying to defend is not sufficient – organizations must get ahead of the cybercriminals and move beyond introspective approaches on cybersecurity by understanding the external threat landscape. Finally, the pace of change: Cybersecurity needs to keep up with this pace. Cybersecurity initiatives thus must take a focus beyond the traditional, introspective approach of protection, detection, and response, and become proactive.
This requires a thorough understanding of the attackers, their rationales, their targets, and their methods. To take an analogy: Successful organizations sell strong because they understand their customers. Organizations also will be more successful in cyber defense when they understand their attackers and how they look from a hacker’s perspective.
While there always remains the need of knowing the IT assets (including shadow IT) of the organization and the attack surface, but also 3rd party risks along the supply chain, it is equally important to understand which vulnerabilities are currently actively exploited by attackers and which types of organizations, industries, and technology stacks are primarily targeted by attacks. Also, the specific risks for the own organization and brand, by either being a preferred target of certain groups of attackers, or by sensitive information such as code, passwords, or other information sprawling in the dark web, must be considered.
This requires a solution that provides more comprehensive insight into the state of cybersecurity and that correlates information across all these areas, from the insights into the hacker’s intent and behavior to the concrete risk exposure of an organization. This is the foundation for targeting cybersecurity initiatives and concentrating on the most critical vulnerabilities at any point in time.
CYFIRMA delivers a Unified External Threat Landscape Management Platform that helps in gathering insights from both the organization and the external world, including proactively and continuously monitoring the dark web, the surface web, and social media platforms, and can correlate all that information, guiding organizations and their cybersecurity teams in taking the right actions and understanding change in the risk exposure or the organization.