Page 85 - Cyber Defense eMagazine March 2024

focusing on threats originating outside the company’s firewall and based on access to the surface web, the dark web (TOR), and vetted/invite-only cybercrime communities. This allows for the following questions to be answered with high confidence:

• Is the company breached, and if so, by whom? What is their motivation? What data has been leaked?
• Are there precursors of a breach that a threat actor could use to breach the company if they elected to do so?




One size does not fit all: A CTI vendor must collaborate with customers to determine their needs and constraints. This will allow them to assist their customers in selecting the right combination of services to meet their requirements, including budget, timeframe, confidence, rules of engagement, and depth of insights.

Based on Resecurity’s internal analysis of discoverable breaches (not every breach can be identified through CTI), if CTI is limited to the surface web, less than 5% of companies that have been breached can be identified. If CTI is limited to the open web and the “dark web (TOR),” less than 25% of companies that have been breached will be identified (surface web (<5%) and dark web (TOR) (<20%)). For discoverable breaches to be discovered, CTI must cover the surface web and dark web, in addition to vetted/invite-only cybercrime communities and P2P (>75%).



Key takeaways:

CTI services can help entities involved in M&A reduce their risks, and some CTI vendors provide services to such entities. The scope and scale of these options can be scaled up or down to meet the needs and budget of the individual customer and engagement:



Offering: One-time: Summary report

Timing: Normally less than a week.

Used for: During the development of companies for acquisition, to help prioritize companies based on their risk.

Deliverable: Summary report of the likelihood that the company is, or likely will be, breached.

• Typically, 1-2 pages.
• Optionally, identify initial areas of risk discovered from external CTI besides items related to a potential breach.
• Can compare the risk of the target company being breached with other specific customers.
• Provides areas of concern and areas of future research.






            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.