Page 85 - Cyber Defense eMagazine March 2024
P. 85
focusing on threats originating outside the company’s firewall and based on access to the surface web,
the dark web (TOR), and Vetted / invite-only cybercrime communities. This allows for the following
questions to be answered with high confidence:
• Is the company breached, and if so, by whom? What is their motivation? What data has been
leaked?
• Are there precursors of a breach that a threat actor could use to breach the company if they
elected to do so?
One size does not fit all: A CTI vendor must collaborate with customers to determine their needs and
constraints. This will allow them to assist their customers in selecting the right combination of services to
meet their requirements, including budget, timeframe, confidence, rules of engagement, and depth of
insights.
Based on Resecurity’s internal analysis of discoverable breaches (not every breach can be identified
through CTI), if CTI is limited to the surface web, less than 5% of companies that have been breached
can be identified. If CTI is limited to the open web and the “dark web (TOR),” less than 25% of companies
that have been breached will be identified (surface web (<5%) and dark web (TOR) (<20%)). For
discoverable breaches to be discovered, they must include surface web and dark web, in addition to
Vetted/invite-only cybercrime communities & P2P (> 75%).
Key takeaways:
CTI offers threat intelligence services to entities involved in M&A to reduce their risks. Some CTI vendors
provide services to entities involved in M&A. The scope and scale of these options are scaled up and
down to meet the individual customer’s and engagement's needs and budget:
Offering: One-time: Summary report
Timing: Normally less than a week.
Used for: Used during the development of companies for acquisition to help prioritize companies based
on their risk.
Deliverable: Summary report of the likelihood that the company is, or likely will be, breached.
• Typically, 1-2 pages.
• Optionally, identify initial areas of risk discovered from external CTI besides items related to a
potential breach.
• Can compare the risk of the target company being breached with other specific customers.
• Provides areas of concern and areas of future research.
Cyber Defense eMagazine – March 2024 Edition 85
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.