The main reason I’m such an avid supporter of Business Risk Intelligence (BRI) is that it provides value not just to cybersecurity teams but also to all business units across an enterprise.
Insider threat teams
Although most insider threat teams leverage certain types of intelligence to varying degrees, many rely largely on insider threat program (ITP) tools to support their threat detection efforts. Often marketed as all-in-one solutions, ITP tools combine and analyze disparate datasets to detect suspicious user behavior. As is the case with any security or intelligence offering, however, solutions that are truly all-in-one don’t really exist.
BRI complements ITP tools by enabling teams to proactively monitor for malicious activity and identify trends rather than reactively search for threats. In one situation, a BRI-led investigation helped an insider threat team identify a post on a cybercrime forum offering the sale of source code from unreleased software owned by a multinational technology company. When subsequent analysis determined the actor was a company employee, the team was able to safeguard the source code and work with law enforcement to take appropriate action against the rogue employee.
Physical security teams
Upholding physical security has only grown more complicated in recent years as the cyber and physical threat landscapes become intertwined and adversaries’ motivations and capabilities evolve. But unlike their cybersecurity counterparts, physical security teams tend to have little exposure to intelligence derived from the cyber domain. This is largely because prior to BRI, most commercial-sector applications of such intelligence were—and still are—limited to cybersecurity and network defense initiatives.
It’s crucial to remember, however, that just because a threat or indicator originates online doesn’t mean its scope of influence will remain online. This is why BRI derived from the underground communities where physical adversaries congregate is so valuable. It can augment physical security efforts and help teams more effectively identify and mitigate physical risks.
For example, with regard to executive protection, when a well-known CEO planned to attend a popular public event, his company leveraged BRI gleaned from a Deep Web forum to identify and assess the risk posed by previously unknown physical threat actors located in the vicinity. This intelligence enabled the company’s executive protection team to leverage a threat-based approach by deploying security resources in high-priority areas to protect their CEO during the event.
Business development teams
Business development initiatives, by nature, expand the surface area upon which a threat can manifest. For business development teams that routinely establish and develop external partnerships or pursue M&A engagements, due diligence on target companies is essential.
Because BRI can provide insight into any emerging threats that could potentially compromise the integrity of an upcoming M&A engagement or business partnership, it can be an invaluable resource for business development teams during the due diligence process.
In one scenario, BRI derived from an elite Russian underground forum revealed an actor seeking hackers-for-hire to harvest proprietary M&A information from numerous top-tier law firms. This intelligence provided the named law firms with advance notice of the impending scheme, enabling them to safeguard their clients’ information and ultimately uphold the integrity of their M&A engagements.
Fraud, as I’ve written previously, is one of the most persistent and multifaceted threats facing transactional lines of business. Combating fraud effectively requires a comprehensive and proactive strategy driven by intelligence—particularly that which sheds light on emerging schemes, social engineering tactics, and fraudsters’ motivations, adaptations, and capabilities. This is why BRI has become essential for anti-fraud teams.
One BRI use case with which I’m familiar illustrates this concept especially well. Just prior to the U.S. implementation of Europay, MasterCard, and Visa (EMV) several years ago, BRI derived from a Dark Web forum revealed that fraudsters had developed EMV-chip recording software and manufacturing techniques to fabricate chip-enabled credit cards capable of bypassing EMV security measures. This intelligence enabled financial institutions involved in the upcoming EMV launch, as well as retailers and payment processors, to adjust their launch strategy and anti-fraud measures accordingly, thereby stymieing the large-scale scheme before it was deployed.
The above use cases demonstrate why it has become imperative for intelligence—and BRI in particular—to be integrated within not just cybersecurity initiatives but all business units across an enterprise. Indeed, when decision-makers broaden their mindsets and strategies pertaining to the value and function of intelligence, their organizations can become better positioned to proactively identify and mitigate the various cyber and physical risks they face.
This article originally appeared on CSOOnline.com