2. Introduction:
In today’s world of global complexity and instability, security teams face
unprecedented challenges in safeguarding their organizations. Executives and
practitioners alike need to ask themselves: are we equipped with the insight
and capability to effectively protect our organization now and in the future?
Your organization and leaders know they can’t be reactive. The news is littered
with stories of businesses who were disrupted by cyber threats and suffered
reputation damage, financial losses, and operational downtime. Leadership
needs to know if your organization is resilient, able to stay secure amidst turmoil
and continue to thrive so they can be more successful in the long term.
Threat intelligence provides security teams with a significant advantage.
It is the connecting layer across your cyber, supply chain, and physical
infrastructure that powers your security tools, processes, and people to reduce
operational risk.
By implementing threat intelligence, security teams can proactively defend
against threats targeting both your dynamic attack surface and third-party
relationships. Furthermore, they can strengthen defenses against ransomware
attacks and enhance operational workflows through automation.
In this eBook, we will explore the challenges that increase operational risk and
demonstrate how threat intelligence can empower your team to overcome them.
Key Topics covered in this eBook:
• Why security teams should be concerned with operational risk
• The advantage that Threat Intelligence provides
• Four key challenges increasing operational risk and how to
overcome them with Threat Intelligence
• The Power of Recorded Future for reducing operational risk
“The character of cyber threats has
changed. Respondents now believe that
cyber attackers are more likely to focus
on business disruption and reputational
damage. These are the top two concerns
among respondents.”
- World Economic Forum,
Global Cybersecurity Outlook 2023
3. What is Operational Risk?
Operational Risk is the risk of loss due to failed
internal processes or external events, resulting in
business disruption, system failure, infrastructure
damage, fraud, and more.
Organizations of all sizes across the world face operational risk. It is the
nature of the complex digital and physical worlds we operate in today.
These risks don’t stem from one point; they can arise from technical failures,
human errors or omissions, failed internal processes and systems, or from
external events that are nearly impossible to control or plan for.
41% of companies who have experienced a cyber incident over the past
two years have suffered lost productivity [1]
1 in 5 organizations have experienced a significant outage in the last three
years that negatively affected their reputation, revenue, and compliance
adherence [2]
Why Does Operational Risk Matter?
As businesses grow more interconnected and dependent on technology,
safeguarding sensitive data and reducing operational risk has become
increasingly important. Yet the complexity of cyber threats makes it difficult
to manage operational risk and impacts to:
• Business disruptions
• Infrastructure
• Employee and client safety
Risk and Effect:
• Risk: Clients unable to access their data. Effect: Poor client experience
• Risk: Customers unable to transact. Effect: Purchase similar item from competitor
• Risk: Employees unable to use their tools. Effect: Loss of productivity
• Risk: Customer data compromised. Effect: Trust goes down
[1] https://www.splunk.com/en_us/form/state-of-security.html
[2] https://trilio.io/wp-content/uploads/2022/08/true-Cost-of-Downtime-infographic.pdf
4. Intelligence Advantage
• To cover all attack surfaces
• To prioritize
• To enhance automation
• To drive better ROI
With the current model, reducing operational risk isn’t easy. Detection
tools only see traffic that hits a network; they can’t see all of the different
exposures and misconfigurations that attackers can.
There’s no control over third parties to enforce, detect, or respond.
Ransomware consists of a complex web of activities, and while some of
your security tools may give you a partial view of what and how to defend,
they fail to provide the full picture.
Automation is increasingly important, but there’s often confusion around
how, what, and when to automate. Without answering these questions,
automation strategies may fail due to unrealistic expectations.
To get around these problems, an advantage is needed.
An advantage that helps you go beyond internal telemetry to enhance
security controls and defenses with comprehensive external data that’s
contextualized, analyzed, and prioritized, layered with probability and
implications, in an actionable format.
Threat Intelligence provides an advantage to identify and get ahead of
risks that matter, make the right decisions for your organization, and build
resilience, at the speed and scale of today’s threat environment.
Threat intelligence protects against internal failures and external threats,
providing the connecting layer needed to reduce operational risk.
5. How Threat Intelligence Reduces Operational Risk
“Threat actors are looking at your digital
footprint outside the organization to launch an
attack. You must take proactive measures. You
have to monitor your digital assets. You have
to remediate incidents. You must proactively
protect your brand and your image. To do that
you need timely intelligence.”
- Group Head/CISO, Allied Bank
“To support our proactive approach to
security, we needed to invest in threat
intelligence to prepare us for cyber attacks
before they happen.”
- General Manager of Cyber Security Center, Toshiba
• Protect Your Expanding Digital Attack Surface
• Mitigate Third-Party Risks in Your Supply Chain
• Defend Against Ransomware
• Automate Security Workflows for Real-time Remediation
What benefits can threat intelligence offer your organization?
Threat intelligence provides a comprehensive shield by covering all attack
surfaces, including digital, physical, and third-party. It enables organizations
to prioritize their most critical assets, ensuring that valuable resources are
allocated effectively.
In addition, integrating threat intelligence into existing systems and processes
enhances automation, reducing human error and response times. As a result,
businesses achieve a higher return on investment, as a secure and efficient
infrastructure allows for uninterrupted growth at scale.
6. Overcoming Operational Risk Challenges with Threat Intelligence
Protect Your Expanding Digital Attack Surface
Implementing various technologies and systems to support remote work,
digital experiences, and innovation significantly expands your attack
surface. This also increases the number of employee credentials that need
to be secured and software vulnerabilities that must be patched. In addition,
as your reputation grows, so do the risks to your brand, which could take
the form of company or executive impersonation, domain abuse, or the
creation of fake mobile apps.
It’s not just the high-profile items; even small assets, often considered
unimportant, can contribute to increased operational risk. For
instance, a Fortune 500 financial institution was running a vulnerable
version of WordPress allowing unrestricted file upload and remote
code execution. To protect your expanding digital attack surface, it’s
critical that all doors into your organization are under lock and key.
Threat intelligence provides proactive warning signals and
automatically detects digital risks to your organization – such as
domain abuse, vulnerable assets, compromised credentials, and
more – allowing you to prioritize critical risks and keep your attack
surface secure. Visibility into the vulnerable version of WordPress
the financial institution was using enabled them to immediately flag
it for internal investigation and remediation.
Challenges: Digital Transformation; M&A Events; Business Growth; Unknown Assets;
Digital Risks; Compromised Credentials; Vulnerable Applications
Threat Intelligence Outcome: Real-time visibility; Prioritized exposure & risk
to address; Business Growth
69% of organizations have experienced a cyberattack that started through the
exploit of an unknown, unmanaged or poorly managed internet-facing asset [3]
[3] https://www.csoonline.com/article/3648998/look-for-attack-surface-management-to-go-mainstream-in-2022.html
7. Mitigate Third-Party Risks in Your Supply Chain
Third-party vendors are a critical component for today’s modern business,
helping them to streamline supply chains, accelerate product deliveries,
spur innovation, increase efficiency, and lower costs. But there is a cost to
these relationships and achieving these benefits.
Organizations must grant third parties access to information systems that
support core functions such as product design, manufacturing, logistics, order
fulfillment, and finance. While critical to continued success, every vendor
introduces potential threats to your organization, with more than 80 percent
of organizations reporting a third-party related breach in the past year.
The stakes are far too high to ignore third-party risk. Your third parties’ attack
surface evolves continuously as new infrastructure is spun up, all while threat
actors continue to wage attacks. To stay ahead of ever-evolving threats in our
business world, you need a threat-focused approach.
Threat Intelligence provides comprehensive visibility into your supply chain
threat landscape so you can detect threats earlier. This empowers security
teams and business leaders to make fast, informed decisions about the
companies in their supply chain and reduce the overall risk of business
disruption, data breaches, and reputational damage.
For example, a media & entertainment company deals with a lot of executive
anxiety about product details being leaked before they are released
since many small vendors and contractors are involved in product
launches and directly handle their high value data.
Threat intelligence helps them spot check each vendor’s security
hygiene in real-time to identify vulnerabilities or anomalies in niche
technologies, enabling them to mitigate risks before they can have a
detrimental impact.
Challenges: Geopolitical Instability; Reliance on Third Parties; Supply Chain
Weakness; Limited Visibility; Uncertainty; Reactive Approach
Threat Intelligence Outcome: Visibility into third-party vulnerabilities;
Context on cyber and physical risk; Proactive mitigation and faster
incident response
Less than 50% of third-party vendors are properly evaluated for security
vulnerabilities [4]
[4] https://www.sonatype.com/state-of-the-software-supply-chain/introduction
8. Defending Against Ransomware
Ransomware. The very name strikes fear in the heart of organizations.
Ransomware methods continue to evolve and multiply, increasingly
threatening small, medium, and large organizations around the world.
The two most notable mass exploitation campaigns by ransomware groups
this year targeted a virtualization tool, VMware ESXi, and file transfer
software, GoAnywhere MFT. Both of these campaigns have been wildly
successful in terms of the number of victims, but not all that profitable for
the ransomware gangs. Organizations and businesses are no longer willing
to pay ransoms, and many countries aren’t letting them pay. In many cases
companies have wiped & restored rather than paid the ransom, and are
willing to deal with the fallout of whatever data was stolen.
But that’s not defending against ransomware.
To defend against ransomware we need to get further upstream to
understand the motivations and the tools, tactics, and procedures our
adversaries use. However, defending against ransomware gangs can feel
like a chess match where security teams are always playing defense.
Threat Intelligence provides the context necessary to turn the tides and put
threat actors on their back foot. Real-time intelligence on ransomware threat
actors, their tactics and targets, enables you to proactively protect your
business from attacks.
Using threat intelligence, a public automotive company was alerted
about compromised identities being sold on a ransomware site
just a few hours after seeing a failed login. They quickly reset the
passwords, safeguarding themselves against a ransomware attack.
Challenges: Vulnerabilities; Misconfigurations; Compromised Credentials;
Lack of Context; Noise; Dynamic Indicators
Threat Intelligence Outcome: Hunt; Detect; Monitor
Ransomware was involved in 25% of all breaches in 2022 [5]
[5] https://www.verizon.com/business/resources/reports/dbir/
9. Improve Workflow Automation
Time is perhaps the most important element in the cyber world. Everything’s
moving too fast: the number of alerts, the questions from executives, the
hours ticking by. Security teams still struggle with manual processes and
keeping up with a changing threat landscape that leaves them trying to
do more with less.
Threat Intelligence gives us back time, but getting it right is hard. It’s not
about stitching together some feeds or just having an analyst peruse through
reports. Threat Intelligence must be scalable, unbiased, and actionable.
When done right, it helps our automation tools truly automate by creating
smarter rules and workflows, and it makes our analysts more efficient
by enabling them to perform research within one product and providing
actionable context that separates the signal from the noise.
Maybe you need to automate simple tasks to free up your analysts for more
important projects, or perhaps you need a better way to inform executives of
your security posture and threats to be concerned about. Whether your use case
is tactical, operational, or strategic, threat intelligence can give you back time.
For a global equipment provider, automating threat intelligence into many of
their day-to-day activities has helped them cut out manual processes and
gives them confidence to know what’s high-risk versus what they shouldn’t
be spending their time on.
Challenges: Sophisticated Attackers; Cybersecurity Skills Shortage; Security
Stack Complexity; Dynamic Indicators; Lack of Context; Alert Fatigue;
Analysis Burnout
Threat Intelligence Outcome: Reduce noise; Improve detection and response
time; Enhance analyst efficiency
Worldwide, 80% of organizations suffered one or more breaches that they could
attribute to a lack of cybersecurity skills and/or awareness [6]
[6] https://www.fortinet.com/content/dam/fortinet/assets/reports/report-2022-skills-gap-survey.pdf
10. The Benefits of Threat Intelligence
Protect Expanding Attack Surface
• Accelerate brand impersonation detection: Discover unauthorized logo use,
typosquats, fake executive profiles, and fake mobile applications
• Continuously monitor your changing attack surface: Identify internet-facing
assets, where they’re being hosted, and if they’re vulnerable, misconfigured or
out-of-policy
• Implement risk-based patch prioritization & tech stack monitoring: Use risk
scoring to prioritize patching based on likelihood of exploitation and identify
vulnerabilities affecting your infrastructure
Defend Against Ransomware
• Understand your threat landscape: Gain real-time visibility into ransomware
threat actors targeting your industry and organization
• Monitor changing IOCs: Mitigate ransomware attacks with real-time intelligence
on IOCs and threat hunting playbooks to stop threats before they happen
• Identify initial access before it’s too late: Unlock visibility into
compromised credentials for your employees and partners before they can be
used for initial access
Mitigate Supply Chain Risk
• Improve time to identify and proactively respond to threats: Identify digital
and physical threats early to improve incident response and business continuity
• Enhance risk assessment speed and quality: Gain comprehensive and actionable
information to make fast, informed decisions when assessing vendor risk
• Understand risk exposures across key locations and geographies: Determine risk
exposure across the globe to prepare for the next big geopolitical or cyber
event that could have profound impacts across your supply chain
Automate Security Workflows
• Improve analyst efficiency: Minimize manual investigation and research with
real-time threat intelligence, embedded into the tools you use on a daily basis
• Automate manual workflows: Automate manual processes to reduce risk of human
errors and provide breathing room for analysts to focus on high-impact projects
• Improve detection and response times: Implement high-fidelity risk lists to
correlate internal telemetry with current threats to identify activities that
are relevant to your organization
11. Our results are proven.
Recorded Future users have reported:
• 85% improvement in understanding of their digital footprint
• 13 hours per week saved due to actionable intelligence
• 20% reduction in manual workflows
• 62% increase of visibility into their threats
Recorded Future powers your organization with real-time visibility
into your expanding attack surface and threat landscape so you
can act with speed and confidence to reduce your risk and securely
drive business growth.
The Recorded Future Intelligence Cloud elevates your existing
security defenses, enhancing the depth and breadth of protection
by giving you insights into threats and attacks before they impact
your business, so you can stay ahead of attackers, at the speed and
scale of today’s threat environment.
The Power of Recorded Future
• Automated & Real-time: Internet-scale collection and analysis in minutes
• Comprehensive: The world’s largest intelligence repository, covering the
widest range of use cases
• Independent & Integrated: Unbiased, only focused on intelligence; 100+
integrations into top security tools to accelerate workflows
• Actionable: Actionable for every user, across every maturity journey, through
optimized user experiences, channels and outputs
• Trusted: Trusted by 1600 clients, governments and 8/10 largest companies
in the world
Begin Reducing Operational Risk Today
About Recorded Future®
Recorded Future is the world’s largest intelligence company. Recorded Future’s cloud-based Intelligence Platform provides the
most complete coverage across adversaries, infrastructure, and targets. By combining persistent and pervasive automated
data collection and analytics with human analysis, Recorded Future provides real-time visibility into the vast digital landscape
and empowers clients to take proactive action to disrupt adversaries and keep their people, systems, and infrastructure safe.
Headquartered in Boston with offices and employees around the world, Recorded Future works with more than 1,600 businesses
and government organizations across more than 70 countries.
Learn more at recordedfuture.com and follow us on Twitter at @RecordedFuture