Threat Reconnaissance, or Bust?

It’s widely acknowledged that the role of CISO is one of the most stressful in the world of Cyber. Not only do CISOs have to create, launch and run a complex program of defensive measures, but there is also no telling what cyber-related risks and threats lie around the corner, adding further pressure on them and their teams.

 

With cyber attacks, and ransomware-related ones in particular, on an upward rather than downward trend, what is going to help CISOs sleep better and avoid the health issues that so many of them experience during their careers?

 

The answer may already lie within their organization: with people already employed, with processes and procedures already in place, and with solutions already deployed. The missing ingredient is simple: visibility.

 

Our recent Ponemon Survey called out that even organizations with a mature Cyber Security strategy, with experienced teams and budgets of $100m+, are not fully realizing the value of their Threat Hunters. We sometimes get the impression that internal awareness of the Threat Hunters’ very existence may be the biggest challenge. Having dissected the numbers and analysed the data, Ponemon enabled us to conclude that senior executives may not even be aware that, in some quiet corner, these people exist. Having discovered them, savvy CISOs are now figuring out how to fully equip them and extract their value.

 

However, remaining unaware of Threat Hunters and leaving their value untapped is a significant oversight, as we’ll explore.

 

Threat Hunters can be of significant strategic importance in mitigating cyber and ransomware attacks if they are empowered by Threat Reconnaissance, that is, given the ability to view global internet infrastructure and find patterns in the traffic and nodes that uniquely relate to their organisation. These individuals are already in possession of the skills they need to start external threat hunting from viewing internal network telemetry and mapping IoCs to known threats, 

 

Properly equipped with that level of visibility and knowledge, Elite Threat Hunters (as they are formally known) can start to deliver significant and tangible ROI, as we found during our Forrester Total Economic Impact (TEI) study based on a 100,000-strong workforce.

 

For a CISO, Elite Threat Hunters can transform your entire cyber defense approach from reactive to proactive. What this means in terms of tangible financial savings was explored in the Forrester TEI and, for the customer in question, can be broken down into the following value sections.

 

  1. Data breach risk reduction, saving $4.5m.
    • Achieved by automatically updating block lists for tracked threat actors, providing learnings for the incident response (IR) team, and having external teams play a role in incident responses.
  2. Sunsetted cyber intelligence analyst firms, saving $1.7m.
    • Able to completely stop using three of these firms due to the data, visibility, and learnings about threat actors that Recon provides.
  3. More effective third-party risk management, saving $1.3m.
    • Improved monitoring of many key or high-risk third parties, frequently identified compromised third parties early, notified compromised third parties, significantly reduced successful breaches, and reduced pressure on internal incident response (IR) teams.
  4. Reallocation of labor by automating blockage of phishing attacks, saving $609k.
    • Recon allowed the organization to reduce the number of data sources it uses to update its block list and to automate some key block list updates.
  5. Elevated M&A risk awareness. Averted malware attack on new organizational acquisition, saving $771k.
    • Recon enabled them to see that a new subsidiary was compromised before it was under the corporation’s security umbrella.

 

In total, over three years, the tangible financial gains were $7.5M, netting an incredible 488% ROI.

 

If you are unaware of the Threat Hunters within your organization, aren’t yet clear on their value, or haven’t yet equipped them with the Threat Reconnaissance capabilities of Recon to achieve the above financial gains, become a hunter yourself and go look for them.