Make the most of open-source intelligence to be risk aware – not risk averse
Every day, organisations are tasked with making the right decisions to manage risk effectively, but finding meaningful, relevant information that stakeholders can rely on is a significant challenge. As a result, companies are often risk averse. They prioritise restraint and avoid risks altogether rather than making informed decisions and taking calculated risks based on a thorough understanding of the potential outcomes. Risk averse decision-making can lead to missed opportunities, which hinders innovation and growth.
By extracting valuable intelligence from open and closed sources of data, organisations can gain a competitive advantage and become risk aware rather than risk averse. This blog will explore the importance of open-source intelligence (OSINT) and provide insights on how threat intel teams can utilise it to enhance risk awareness within an organisation.
Defining risk and establishing common ground
Understanding risk can be complicated, particularly when there are so many different definitions and interpretations of it. These definitions range from the general, “The potential of losing something of value” to the more specific. For financial risk, this could be defined as “The probability that an actual return on an investment will be lower than the expected return”, while for cyber risk it could be “the risk connected to activity online, internet trading, electronic systems and technological networks, as well as storage of personal data”.
The first step is to establish a common baseline and vocabulary with key stakeholders. By aligning on risk definitions and fostering communication, organisations can enhance their risk management practices and promote a unified understanding of threats, hazards and vulnerabilities.
The challenges of risk calculation and human bias
Despite efforts to quantify risk, calculating it is a subjective process that often defies mathematical formulas. Factors such as individual interpretations and human emotions can influence risk assessments. We tend to adjust risk assessments optimistically when we want a certain outcome, clouding the rational picture. Recognising the limitations of risk calculation is crucial in developing a risk-aware mindset.
Risk appetite – defined as the “amount and type of risk that an organisation is willing to pursue or retain” (as per ISO Guide 73:2009 Risk Management Vocabulary) – is another measure of risk. But realistically, it’s only the ‘thrill seekers’, such as base jumpers, train surfers and the like, who are truly hungry for risk. The ‘risk appetite’ senior leaders refer to tends to evaporate when confronted with real risk. Or, as Mike Tyson put it, “Everybody has a plan until they get punched in the mouth”.
The role of intelligence-led security programmes
The ultimate goal of risk analysis in security programmes is to protect an organisation’s reputation, resources and competitive advantage. Efficiency is also a key objective, namely, minimising the investment needed to bring risk exposure down to an acceptable level for the business.
By prioritising intelligence requirements, gathering data from diverse sources and analysing it collaboratively, organisations can generate actionable insights and maximise efficiency and effectiveness. This approach enables stakeholders to make informed decisions based on accurate, concise and relevant intelligence products. But how can an organisation shift from being risk averse to risk aware?
Going from risk averse to risk aware
Step 1: Enhance your threat intelligence programme
In the first step, it’s essential to develop a mission statement that clearly defines your role and objectives. Additionally, it is crucial to identify your internal customers and understand their specific requirements. By doing so, you can ensure that you fulfil these requirements effectively.
Establishing a framework and methodology for your programme is another important aspect, providing a structured approach to gathering and analysing intelligence. Lastly, automating and simplifying processes within your programme can streamline operations and improve efficiency.
Silobreaker Treemaps aren’t only available with the custom queries that we support you in building. Our simple pre-set options provide powerful insights immediately, such as identifying the malware variants used by individual threat actors.
Step 2: Gather the data and information you need to process into Intelligence
In the second step, it’s crucial to understand what your audience needs to know and keep the end goal in mind throughout the process. Gathering data from a wide range of sources and carefully considering their relevance and weighting is essential. This includes utilising premium feeds, as well as structured and unstructured data, and consolidating them into a single location.
Automation plays a key role in this step, enabling tasks such as deduplication and collation to be performed efficiently. Additionally, enriching the data, translating it if necessary and applying relevant tags further enhances its value and usability.
Step 3: Conduct analysis and assemble products
In Step 3, the focus shifts to conducting analysis and assembling products based on the gathered data. Collaboration and consensus are crucial elements that promote a team-oriented approach without favouring individual “rock stars”.
It’s important to agree upon formats that cater to the specific needs of different audiences, taking into consideration what they are already accustomed to receiving. Determining who receives alerts, the frequency of alerts, who receives reports, the frequency of reports, and who has access to a continuous “feed” of information are all vital considerations in this step.
By addressing these questions, the analysis process can be streamlined, and the resulting products can be tailored to effectively meet the needs of various stakeholders.
Step 4: Get the right intelligence to the right people, in the right format, at the right time
In Step 4, the focus is on delivering the appropriate intelligence to the intended recipients in a manner that aligns with their specific needs. The first consideration is to determine whether the intelligence is strategic, operational or tactical, taking into account the balance between speed and detail required in each case.
The intelligence should be clear, concise, standardised and provided on a regular basis to ensure consistency. Accuracy and timeliness are paramount, and the information should be presented in a format that the customer can readily utilise.
It is crucial to ensure that the intelligence reaches the right hands in a timely manner, is actively read and understood by the recipients. Additionally, gathering feedback from the recipients is essential to gauge the effectiveness and relevance of the intelligence, allowing for continuous improvement and refinement of the delivery process.
The benefits of Silobreaker for intelligence analysis
Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace. We do this by bringing together all the steps of the intelligence cycle in one place; from the management of cyber, physical and geopolitical priority intelligence requirements (PIRs) and the automated collection and processing of structured and unstructured, open-source, deep and dark web and finished intelligence data, to the analysis, production and dissemination of intelligence. This helps intelligence teams work more efficiently, freeing them up to identify and prioritise the most relevant cyber threats, safety risks and business continuity issues. It also helps decision-makers act faster to reduce risk and protect revenue.
In one Silobreaker use case, a European consultancy firm’s cyber threat intelligence analysts and cyber security consultants were facing several challenges. They were using multiple spreadsheets and had insufficient coverage of OSINT, resulting in missing valuable data. This had a direct impact on the team’s ability to track and report on cyber threats in a timely manner. The lack of a centralised hub for the firm’s analysts to collaborate on deliverables meant that the reporting process was manual and laborious.
Analysts and managers were often misaligned on internal tasks, which led to challenges in meeting client deadlines. Pressed for time, the team lacked the flexibility to accommodate additional client requests, including providing effective cyber security risk assessments.
With Silobreaker, they were finally able to bring together data from millions of open sources, as well as commercial threat feeds, dark web sources and leading security research. Silobreaker then aggregated the data to unlock relevant content and empowered the users to make intelligence decisions with a high degree of confidence.
Harnessing open-source intelligence is essential for organisations aiming to become risk aware rather than risk averse. By taking the right steps and leveraging a threat intelligence tool like Silobreaker, organisations can extract valuable insights, enhance risk awareness, and make informed decisions to protect their assets, reputation and operations – and maintain their competitive advantage.
To learn more request a demo today.