Threats are as old as time. Our biology itself has evolved a fight-or-flight response specifically for threats. Cyber threats, while treated as sexy or mysterious by the security community, really are no different from what we traditionally see as threats; they are just the current manifestation of threats in the digital era. To treat them as anything else is to miss their very origins. Threats cannot be eliminated. They can be reduced and they can be managed, but they cannot be removed.
In a digital era, cyber threats come in two flavours:
- threats that exist because the use of cyber creates opportunities to make traditional threats easier or more efficient to execute, or gives them broader reach;
- threats against the cyber infrastructure, system, or endpoint itself.
There is both a simplicity and a complexity to approaching cyber threats in this manner. Understanding that the very nature of cyber threats is rooted in traditional threats makes them easier to understand and defend against. Understanding that cyber has to be approached across several technology layers brings to light the complexity of creating a holistic approach, especially when you take into account that most cyber threats are global in nature.
Like all threats, cyber threats are composed of two components: the action and the actor. In our field, these are the threat event and the threat actor. Combined, they make the threat. Attempts to manage or defend against threats can detect and track either component on its own; ideally both are tracked, so that their convergence on a target victim can be seen and future threats predicted.
To this end, it is best to approach cyber threats in a holistic fashion. Strategically manage the threats using an overall framework approach. Create an intelligence framework, including early-warning detection and threat trending, to support it. Proactively hunt and defend against the threats using a variety of tactics and operational procedures, to close the gap between a potential threat and an actualized one and to minimize the technical and business impact should it occur. Implement a proper logging and monitoring infrastructure, along with threat analysis tools, in order to leverage these activities into a broad protection and risk management strategy.
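The actor-plus-event model of a threat and the idea of tracking each half separately until they converge on a target, along with the threat-trending step of the intelligence framework, can be made concrete in a few lines of Python. The following is an added example written for this wiki, not code from any tool or framework; the sightings, target names, actor names and dates are constructed, and the convergence rule (the same actor and the same event seen against the same target at least `min_count` times) is an assumption chosen to illustrate the point, not a standard.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ThreatActor:
    """The 'who' of a threat."""
    name: str


@dataclass(frozen=True)
class ThreatEvent:
    """The 'what' of a threat: the action taken."""
    action: str


@dataclass(frozen=True)
class Threat:
    """Actor and event combined; only the combination is a threat."""
    actor: ThreatActor
    event: ThreatEvent


@dataclass(frozen=True)
class Sighting:
    """One observation against a target. Attribution (actor) or the
    event type may be unknown at observation time, hence Optional."""
    when: datetime
    target: str
    actor: Optional[str]
    event: Optional[str]


# Constructed sample data (hypothetical targets, actor names and dates).
SIGHTINGS: List[Sighting] = [
    Sighting(datetime(2024, 3, 1), "payroll-portal", "group-A", "phishing"),
    Sighting(datetime(2024, 3, 3), "payroll-portal", "group-A", "phishing"),
    Sighting(datetime(2024, 3, 5), "payroll-portal", None, "credential-stuffing"),
    Sighting(datetime(2024, 3, 6), "vpn-gateway", "group-B", "brute-force"),
    Sighting(datetime(2024, 3, 20), "payroll-portal", "group-A", "credential-stuffing"),
    Sighting(datetime(2024, 3, 21), "vpn-gateway", "group-B", "brute-force"),
]


def actors_targeting(sightings: List[Sighting]) -> Dict[str, Set[str]]:
    """Actor-centric track: which known actors have been seen against each target."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for s in sightings:
        if s.actor is not None:
            out[s.target].add(s.actor)
    return dict(out)


def events_against(sightings: List[Sighting]) -> Dict[str, Set[str]]:
    """Event-centric track: which actions have been seen against each target."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for s in sightings:
        if s.event is not None:
            out[s.target].add(s.event)
    return dict(out)


def converging_threats(sightings: List[Sighting], min_count: int = 2) -> Dict[str, List[Tuple[Threat, int]]]:
    """Convergence (assumed rule): the same actor and the same event observed
    against the same target at least min_count times. Sightings missing either
    half cannot form a Threat and are left to the single-track views above.
    Result per target is ordered most frequent first, i.e. the trend."""
    counts: Dict[str, Counter] = defaultdict(Counter)
    for s in sightings:
        if s.actor is None or s.event is None:
            continue
        counts[s.target][Threat(ThreatActor(s.actor), ThreatEvent(s.event))] += 1
    result: Dict[str, List[Tuple[Threat, int]]] = {}
    for target, c in counts.items():
        trending = [(t, n) for t, n in c.most_common() if n >= min_count]
        if trending:
            result[target] = trending
    return result


if __name__ == "__main__":
    for target, threats in converging_threats(SIGHTINGS).items():
        for threat, n in threats:
            print(f"{target}: {threat.actor.name} / {threat.event.action} seen {n}x")
```

Note the sighting with no attribution: it still counts in the event-centric track for the target, which is the reason for keeping both tracks rather than only recording fully formed threats. In a real deployment the sightings would come from the logging and monitoring infrastructure rather than a literal list, and the window and threshold would be tuned to the environment.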
In this wiki, you will find a variety of thoughts, suggestions, and best practices to improve the capabilities in each of these areas.