Blog

How to avoid common cyber threat assessment pitfalls

By |

When it comes to drawing up a proactive plan to secure infrastructure, a threat assessment drive can go a long way. In addition to helping understand the sources and gravity of individual threats, it can also sensitize all stakeholders on various security aspects and help organizations understand and address specific and generic threats. However, due to some inherent deficiencies, the full value of an institutional cyber threat assessment program is not realized by many enterprises who chose to conduct such an assessment program. What are these deficiencies and how can they be addressed, read on to find out.

Deficiency one:  wrong or outdated cyber threat assessment model  

In our interactions with CISOs across manufacturing, utilities, maritime, oil and gas, and financial services sectors, we found that many businesses were relying on models that were primate and not suited to the emergent threats that are now dominating the threat landscape. These models were often borrowed from their peers in the industry and have been passed down from one generation of cybersecurity leaders to another across decades in some instances.

Remedy: work with a vendor or internal security operations team to prepare a model that is specific to your business. 

Deficiency two: lack of unit-level assessment

Even today, many businesses conduct threat assessment at an infrastructure/enterprise level rather than go a few notches lower to assess threats at an equipment or transaction level. Based on the family of devices, communication protocols, supply chain characteristics, device profile, digital footprint, and many other parameters, each device could face a multitude of threats. Further, networks face a series of threats that could be unique to various network characteristics. Without taking these into account, an IoT, IT, or OT threat assessment exercise will not present sufficient actionable data that can reduce your risk exposure.

Remedy: prepare an inventory of all devices and networks before embarking on a threat assessment exercise. This is especially true for OT-based infrastructures where device inventories are often outdated or do not exist.

Also Read: Why IoT Security is important in today’s network?

Deficiency three: low frequency of assessment

In IoT and OT environments connected with critical infrastructure, threat assessments should be conducted at least once a month to identify and track new risks and threats and plug any vulnerabilities or security posture-related gaps that may arise.

Remedy: calendarize and conduct threat assessments as frequently as possible.

Deficiency four: compliance-driven threat assessment agenda

Often businesses conduct threat assessment drives due to external factors such as audits, compliance needs, or pressure from the board or senior leadership. Sometimes threat assessments are conducted as a knee-jerk reaction to an advisory from a regulator as well. This leads to the threat assessment exercise being treated as an ad-hoc effort with no long-term view or focus.

Remedy: conduct threat assessments as a calendarized activity. The agenda should be specific to the risk exposure management needs of the business that is conducting it.

Compliance Kit: IoT and OT cybersecurity self-assessment tool using NIST CSF

Deficiency five: lack of skilled cybersecurity threat assessment experts

As threat assessment is often not seen as a core activity, the work is assigned to team members who have to learn on the job. No additional training is imparted and such team members are often made to handle threat assessments along with their other responsibilities.

Remedy: allocate specific threat assessment responsibilities to team members and train them to do it professionally with diligence. Such members should also be made to undergo threat assessment certifications and act independently while making honest threat assessment recommendations.

Deficiency six: lack of integration (or synergy) with the overall cybersecurity roadmap

Since most businesses conduct a threat assessment exercise in an ad hoc manner, its findings or frequency, or even the objectives are not synchronized with the institutional risk management priorities. This leaves a wide gap in implementing the findings of the threat assessment exercise which are sometimes not even implemented.

Remedy: integrate the threat assessment exercise with the overall risk management program using incremental steps. Never conduct a threat assessment exercise in isolation as that will simply erode the benefits that your institution could gain from such an effort

Wish to know how to turbocharge your threat assessment programs to improve your institutional threat hunting and cyber risk management efforts?  Talk to Sectrio. We have assisted businesses across verticals such as manufacturing, oil and gas, maritime, banking, supply chain, and pharmaceutical manufacturing to evolve and run comprehensive and beneficial threat assessment programs. Talk to us now.

Wish to talk to our threat assessment specialists for more information? Share your details here.

Try our threat intelligence feeds for free for 15 days to see what your threat hunting program is missing here: Sign up for FREE threat intelligence feeds

Learn more about our threat assessment methodology here: OT and IoT Threat Assessment

Comprehensive asset discovery with vulnerability and threat assessment 1200 × 630px - sectrio
How to avoid common cyber threat assessment pitfalls - Sectrio

Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo

2022 threat landscape assessment report
Get the latest copy of the OT and IoT threat landscape report

Try our threat intelligence feeds for free for the next two weeks.

Improve your cybersecurity through ot and iot focused threat intelligence feeds free for 15 days
How to avoid common cyber threat assessment pitfalls - Sectrio

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

Share:
Sectrio is a technology market leader in the Internet of Things (IoT), Operational Technology (OT), Information Technology (IT) and 5G Security products for securing the most critical assets, data, networks, supply chains and device architectures for diverse deployments across geographies. Sectrio solutions minimize the attack surface and eliminate all risks from hackers, malware, cyber espionage, and other threats by securing the entire digital footprint covering services, applications, and surfaces through a single platform powered by real-time threat intelligence sourced from Sectrio’s largest honeypot network active in 75+ cities around the world.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio