You Have BRI Questions? We Have Answers
By Chris Camacho
Ever since Flashpoint expanded into business risk intelligence (BRI) several years ago, BRI has grown from a little-known acronym into a widely adopted standard for defenders across all industries. And in working closely with many of these defenders to help start, develop, and further inform their BRI programs and risk operations during this time, we’ve received no shortage of thoughtful questions about nearly every aspect of BRI. The most frequently asked ones include:
1. How does BRI compare to cyber threat intelligence (CTI)?
BRI encompasses CTI. Both types of intelligence provide visibility into potential and incoming cyber threats, thereby enabling defenders to more effectively detect and react to these threats. The main difference between BRI and CTI is that while both are suitable for detecting cyber threats, only BRI provides the enhanced context and visibility required for also addressing the business risks posed by not just cyber but also physical, fraud, and insider threats.
2. What types of data sources does BRI typically cover?
The data that fuels BRI is collected from a range of illicit online communities such as Deep & Dark Web (DDW) forums and marketplaces, card shops, chat services, paste sites, social media sites, and various other DDW and open-web sites frequented by threat actors, as well as the malware and exploits that make up their toolkits. These communities also include a number of closed, highly exclusive, and/or primary sources that are largely inaccessible to all but the most sophisticated threat actors and skilled intelligence analysts.
3. Which business functions can BRI support?
BRI can support any function that seeks to better understand, prepare for, and combat the threats, adversaries, and myriad related factors that contribute to business risk. The majority of our BRI customers at Flashpoint represent teams or functions related to cybersecurity, corporate/physical security, fraud, and insider threat.
4. What are the most common use cases for BRI?
BRI has a number of use cases, most of which pertain to cybersecurity, corporate/physical security, fraud, or insider threat. The majority of BRI operations that support these use cases have corresponding intelligence requirements (IRs) related to the following areas:
• Cybercrime: Obtain visibility into financially motivated threat-actor communities.
• Fraud-loss avoidance: Gain insight into threat-actor discussions, tactics, techniques, and procedures (TTPs), and tutorials focused on fraud.
• Insider threat: Investigate insider threats and insider recruitment efforts.
• Global threat landscape: Monitor threats relevant to specific countries or regions with respect to travel, supply chain, and overseas operations.
• Compromised credentials: Detect compromised credentials or other means of gaining unauthorized access to assets or infrastructure.
• Exploits and vulnerabilities: Uncover new and emergent exploits, vulnerabilities, and information that supports risk mitigation and hygiene efforts.
• Emergent malware: Collect, analyze, and/or identify emergent malware and associated indicators of compromise (IOCs).
• Physical threats: Identify potential or imminent physical threats to individuals, corporate offices, government agencies, or critical infrastructure.
• Data breaches: Investigate data breaches and other leaks of sensitive information.
• Disruption and destruction: Analyze or anticipate distributed denial-of-service (DDoS) attacks on networks or domains.
5. Is BRI only for businesses, or can it also support public-sector organizations?
Although public-sector organizations do not deal with business risk, they can and do benefit from applying the core principles of BRI and leveraging the data from which it is gleaned. This is largely because many of the same types of threats and adversaries facing businesses also target or otherwise impact the public sector and its constituents.
Given that BRI provides visibility into the illicit online communities where many such threats and adversaries originate and develop, it can empower public-sector organizations—from law enforcement, to federal civilian agencies, to defense and intelligence—to make more informed decisions in support of key mission objectives, servicing constituents, and protecting employees.
Chief Strategy Officer
Chris Camacho partners with Flashpoint’s executive team to develop, communicate, and execute strategic initiatives. With over 15 years of cybersecurity leadership experience, he has led initiatives across Operational Strategy, Incident Response, Threat Management, and Security Operations to ensure cyber risk postures align with business goals. An entrepreneur, Mr. Camacho also serves as CEO for NinjaJobs, a career-matching community for elite cybersecurity talent. He has a BS in Decision Sciences & Management of Information Systems from George Mason University.