Cyber threat intelligence, or CTI, was long considered the “standard” for cyber intelligence in the commercial sector. Relying primarily on indicators of compromise (IOCs) to aid in the detection of existing cyber threats, CTI remains integral to cybersecurity teams’ network defense and perimeter security initiatives. These use cases, however, are where the benefits of CTI begin and end. Organisations looking to not only detect cyber threats but also mitigate enterprise-wide risk are embracing a more strategic and comprehensive type of intelligence: Business Risk Intelligence (BRI).
BRI broadens the scope of intelligence beyond cyber threat detection to provide not just cybersecurity teams but all business units with the context they need to inform decisions, improve preparation, and mitigate risk across the enterprise. BRI is driven by the fact that managing business risk requires more than just the ability to detect cyber threats. The following basic formula for risk illustrates this concept:
Risk = Threat x Likelihood x Impact
- Threat: Which threats, cyber or physical, could potentially target the business?
- Likelihood: How likely is a given threat to target the business and why?
- Impact: If a given threat targets the business, what might the impact be and why?
Threat is only one component of risk, which why BRI aims to equip organisations with not just a list of cyber threats, but also with the comprehensive insight and context needed to identify, evaluate, and mitigate the broad spectrum of cyber and physical threats contributing to an organisation’s overall risk.
Indeed, BRI’s comprehensive approach to intelligence is especially crucial for businesses in Asia Pacific. The region is vast, highly diverse, and home to some of the fastest-growing economies in the world. And while these conditions continue to fuel progress and innovation, they also contribute to a uniquely complex threat landscape. In fact, Asia Pacific recorded some of the highest levels of cyber threats globally in 2017, placing the spotlight on cybercrime and the risks it poses to businesses and their stakeholders throughout the region. Many of these threats and resulting business risks have been shaped by the following recent developments in Asia Pacific:
- Law enforcement action against criminal Bitcoin exchanges and tumbler services
- Cybercriminal groups increasingly seeking and recruiting insiders in financial institutions
- The proliferation of financially motivated cybercrime such as ransomware and cyber extortion attacks
- Consistent discussions of, and recruitment for, insider trading schemes leveraging data stolen from financial institutions, news agencies, and law firms
Flashpoint’s BRI Decision Report: Mid-Year Update expands on the above developments and provides valuable insight into the potential risks for businesses in Asia Pacific. The report also highlights key bellwethers that could prompt major shifts in the geopolitical landscape, such as what the Trump-Kim summit means for peace on the Korean peninsula, as well as the implications of ongoing tensions in the South China Sea amid China’s increasingly assertive stance. – Networks Asia