A Risk-Based Strategy Against ‘Supra Threat Actors’

June 13, 2019  Jeff B. Copeland

Supra threat actors or STA’s, those menacing alliances of criminal and espionage groups, could “annihilate us with trivial effort,” RiskLens Risk Science Director Jack Freund writes in a new article on Threatpost, “Should we be throwing everything we can at them?”

Don’t panic, Jack advises — apply some risk-based critical thinking using the FAIR model that powers the RiskLens platform (Jack is co-author with Jack Jones of the FAIR book, Measuring and Managing Information Risk) to determine what outcomes are probable, not just possible, for your organization.

Among the FAIR variables to consider:

  • Threat Event Frequency (TEF), which takes into consideration the way that STAs have acted in the past, namely, low frequency, highly targeted attacks with a high perceived value.
  • Threat Capability, the attackers’ skill level, which you can assume is very high.

Keep in mind, as Jack writes, for STAs, “that kind of firepower does not come cheap and nation-state attackers or nation-state-funded criminals who can run that kind of outfit will use it to further their aims.” Risk- and threat-intelligence teams can keep vigil on the geopolitical zeitgeist” to help you understand the probability of landing in their crosshairs.

For more on Jack’s analysis of the risk from supra threat actors, read his article on Threatpost How to Model Risk in an Apex Predator Cyber-World.