Business Risk Intelligence is Foundational to Insider Threat Programs
While giving my notice at my old job on my way to Flashpoint, my former boss asked, “Do you have another job?”
“Yes, I’m going to Flashpoint.”
“The threat intelligence company?”
That was neither the time nor the place to explain that I was joining Flashpoint because of how it goes far beyond traditional threat intelligence offerings to provide Business Risk Intelligence (BRI), so I simply said, “Yes.”
He inquired as to whether I would be providing intelligence services; a fair question given my background focusing on insider threats.
“No, I’m going to be the Principal Advisor of Insider Threat.”
To which he replied, “Of course! If you had an APT actor in your environment, that’s how you’d catch him. Makes sense to me.”
Although he was right, this reply led me to other thoughts:
There can be so much more to intelligence than learning about another APT actor or using one tool versus another. Yes, in the traditional model of consuming intelligence, you get a piece of intelligence and then you run off and look for an actor or a threat in your environment. In parallel, damn the torpedoes, full speed ahead on hardening the environment to protect it.
You apply the Flashpoint BRI methodology and take the uncommon but powerful step of leveraging it within an Insider Threat Program (ITP). Through your Flashpoint subscription, you are alerted that certain actors are targeting your industry, or perhaps even your company specifically, and naturally you need to see if you’ve already been impacted.
In this scenario, before you damn the torpedoes, you’re now able to take a risk-based approach to hardening your environment. Perhaps, in this case, you see that a threat represented by this particular piece of intelligence would affect only a small piece of your business, and that impact would not really be, well, all that impactful. So, you add it to your risk library with a lower priority. You’ve saved yourself a lot of money and effort while keeping yourself focused on what’s truly important.
You determine how that threat would manifest in your environment. This critical step is one most organizations don’t take, and they should. The good news: your ITP comes with the built-in capability to monitor for that threat. BRI helps you rank the threat in your implementation roadmap by applying a risk-based approach to determine how impactful the threat could be, prioritizing it appropriately, and overlaying how difficult or expensive it would be to begin monitoring. By incorporating this connectivity to your Insider Threat Program, you don’t “hunt” for it; you continuously monitor for it.
By applying BRI, you have the ability to take intelligence from any source and make solid, data-based decisions to appropriately mitigate your organization’s risk. Linking intelligence, BRI, and an ITP is the leap forward in this space — hence my leap to Flashpoint.
I suppose I could’ve explained this to my previous boss, but since I’m clearly good with words, I settled on “Yup.”
This is the first in a blog series from Walter Cook focusing on his expertise building Insider Threat Programs.