Location-Specific Cyber Risk: Where you are Affects how Badly you’ll be Hacked

Register for the 2018 Cyber Threat Intelligence Summit: [ Ссылка ]

Many wrongly think that because the internet is global, cyber threats are the same no matter where you are in the world. This line of thinking discounts the close-access, insider, and supply chain threat differences that exist when you change locations. Additionally, threat actors know and believe that travelers are less protected targets than people in their homes. By compromising a business traveler overseas, it can provide an access point into the corporate network. To prevent and mitigate these scenarios, organizations must understand the location-specific threats to their information security. Organizations can do this by understanding the operational environment and the threat actors that operate in the region or country.

The threat actors include host nation governments that are monitoring in-country communications, APT-style groups, cyber-criminal groups, or hacktivists. Intelligence analysts evaluate the threat actors’ intentions and capabilities to determine a threat rating. With this information, an analyst can then create viable risk scenarios through which their organization could experience information loss, operational disruption, or reputational damage. By measuring the likelihood and impact of each scenario, the analyst can determine the overall cyber risk of that location. This information informs precise decision-making to take appropriate preventive and mitigating measures.

By measuring the location-specific cyber risk and thoroughly assessing the threats in a country, intelligence analysts can identify intelligence gaps, focus collection efforts, and lay the foundation for multiple follow-on intelligence opportunities.

Lincoln Kaffenberger, (@LincolnKberger) Information Technology Officer, IMF
Lincoln has over a decade of experience helping organizations understand the threats they face and make informed, risk based decisions. John helps clients understand how to align their cyber agenda with dynamic business and compliance priorities.

свернуть