Business Risk Intelligence (BRI) Expands the Scope of Intelligence Beyond Technical Indicators
Threats that originate on the Internet but can result in damage across the entire enterprise have become an all-too-familiar phenomenon in recent years. Indeed, the days of cybersecurity issues that solely impact cybersecurity teams are far behind us — a fact that is further solidified by the industry-wide shift away from indicator-centric cyber threat intelligence (CTI) and towards the more strategic, cross-functional nature of Business Risk Intelligence (BRI). BRI not only transcends the boundaries of CTI use cases, it necessitates a change in how all business units and, more specifically, decision-makers, perceive the value and function of intelligence.
As leaders of business units to which BRI can provide immense value, the following five decision-makers in particular can avail themselves of a broader approach to intelligence:
VP of Fraud
Fraud remains one of the most persistent and multifaceted threats facing transactional lines of business. Although CTI can help VPs of Fraud to pinpoint the existence of some fraudulent schemes — particularly ones involving malware and/or technical vulnerabilities — those who rely on CTI as their sole source of intelligence may struggle to address more complex instances of fraud proactively. Often referred to as the “whack-a-mole” approach, reacting to fraud in the aftermath is highly inefficient yet relatively common as fraudsters continue to develop new tactics capable of bypassing even the most robust anti-fraud controls.
Indeed, the most effective way to address fraud is to gain visibility into schemes that are still in the planning stages. Gleaned from communities in the Deep & Dark Web where fraudsters congregate and develop these schemes, BRI helps VPs of Fraud to:
• Identify fraudulent schemes and track emerging trends before the damage is done
• Inform countermeasures and anti-fraud controls to mitigate fraud risks proactively
• Enhance the efficiency, productivity, and capabilities of anti-fraud teams
Head of Physical Security
The Head of Physical Security’s role has only grown more complex in recent years amid the mounting entanglement of the cyber and physical threat landscapes. Unlike various other roles, Heads of Physical Security tend to have less exposure to CTI because it does not address physical assets — even when a physical threat (or indicator thereof) originates on the Internet. BRI, on the other hand, was designed specifically to help organizations address a full spectrum of cyber and physical risks.
As physical adversaries continue to leverage the Deep & Dark Web to plot schemes ranging from terrorist attacks and executive kidnappings to large-scale compromises of energy and healthcare infrastructure, BRI has become a must-have.
Heads of Physical Security who leverage BRI can:
• Obtain advance visibility into physical threats to employees, physical assets, and physical infrastructure
• Evaluate the credibility, relevancy, and motivations of physical threat actors to prioritize resources and personnel effectively
• Develop and inform physical security policies to uphold standards of physical safety
VP of Business Development
By nature, business development initiatives expand the surface area upon which a threat and/or vulnerability can manifest. For VPs of Business Development who routinely establish and develop external partnerships and/or pursue M&A engagements, due diligence on target companies is essential. While CTI is typically far removed from business development efforts, BRI can and does play an integral role in business development due diligence.
After all, any unknowns pertaining to a target company’s finances, reputation, strategy, liabilities, or compliance could hinder the success of any business development engagement. Given that an abundance of such unknowns exist in the form of threats emerging from the Deep & Dark Web, gaining visibility into these online regions is crucial. BRI not only provides such visibility, it enables VPs of Business Development to:
• Proactively detect and address a broad spectrum of cyber and physical threats to which target companies may be susceptible
• Identify previously-unknown vulnerabilities affecting a target company’s technologies, infrastructure, and/or personnel
• Assess the integrity of a target company’s capabilities and the value of their assets accurately
Insider Threat Specialist
Although most Insider Threat Specialists leverage certain types of intelligence to varying degrees, many rely largely on insider threat program (ITP) tools to support their threat detection efforts. Typically marketed as “all-in-one” solutions, ITP tools combine and analyze disparate data sets to detect threats. As is the case with any security or intelligence offering, however, solutions that are truly “all-in-one” don’t really exist.
Rather than reactively searching for threats, BRI complements ITP tools by enabling Insider Threat Specialists to monitor for potential threats and identify relevant trends proactively. In many cases, BRI has successfully revealed yet-to-be-deployed insider threat recruitment and insider trading schemes, among others.
Insider Threat Specialists who apply BRI are able to:
• Compile data and intelligence from any source — including ITP tools — and make informed decisions to mitigate their organization’s risk
• Proactively address a broad spectrum of insider threats, such as those pertaining to insider trading, insider recruitment, intellectual property theft, vendor risk, and others
• Collaborate with stakeholders across all business units to develop and enforce insider threat prevention trainings and organizational policies
Chief Risk Officer
Maintaining comprehensive visibility into risks intertwined with all business units has long been a top priority for the Chief Risk Officer (CRO). And yet historically, intelligence has played a relatively small role in this process. While CTI can and does help CROs to detect some threats that fall under the jurisdiction of cybersecurity teams, those seeking to expand this visibility to encompass a full spectrum of risks across the enterprise are increasingly turning to BRI.
After all, the CRO role revolves around risk — not just individual threats, which is why BRI is essential. CROs that integrate BRI into existing organizational risk management (ORM) efforts can:
• Proactively detect and address threats and vulnerabilities with the potential to pose risks to all business units
• Gain insight into the context around these threats and vulnerabilities to assess relevancy and inform prioritization efforts
• Develop and enforce risk reduction and management policies to strengthen operational risk posture
When key decision-makers broaden their mindsets and strategies pertaining to the value and function of intelligence, their organizations can become better positioned to mitigate the cyber and physical risks they face. It’s crucial to recognize, however, that not all types of intelligence are created equal. I’ve written previously about how CTI’s indicator-centric approach is far too narrow to address threats and subsequent risks that fall outside the jurisdiction of cybersecurity teams. But since BRI, on the other hand, expands the scope of intelligence beyond technical indicators, it truly can and does enable decision-makers across all lines of business to gain a decision advantage over a broad spectrum of relevant threats and adversaries.