For those in cybersecurity or cyber risk management feeling helpless after the SolarWinds hack – a state-sponsored APT threat actor exploiting a trusted application update and carefully covering its tracks – RiskLens Risk Consultant Sara Dominick has a message of hope. With RiskLens, the FAIR™ standard for cyber risk quantification and a threat intelligence framework like MITRE ATT&CK, you can model a large-scale event like the SolarWinds breach and prepare your organization for the worst.
Watch Sara’s webinar The SolarWinds Hack: a FAIR Perspective (registration required) for a detailed walkthrough of the modeling process. She covers these steps:
1. Create a SolarWinds Cyber Attack Risk Scenario
Following the FAIR (Factor Analysis of Information Risk) methodology, that means defining your threat actor, asset at risk and method of attack.
“Assess the risk associated with an external threat actor establishing a foothold on the network through a trusted security vendor’s application (e.g. SolarWinds) resulting in a breach of sensitive data in our crown jewel asset.”
2. Gather Cyber Risk Frequency and Impact Data that Can Be Quantified
In FAIR, risk = probable frequency and probable magnitude of a loss event, so the next steps draw on data from your organization’s experience with previous attacks and knowledge of the value of your assets, as well as the strength of your controls and costs of responding to an incident.
But, as Sara explains, you can get a big boost in your research from the MITRE ATT&CK framework, which tracks threat actors, including the suspected attackers in SolarWinds, and details their tactics and capabilities as they move through an attack chain.
3. Quantify Your Risk of APT Attack – Identify the Right Defenses
Based on your data inputs, the RiskLens platform will show your probable loss exposure from this SolarWinds-type scenario. As Sara demonstrates, you can then take advantage of another feature of MITRE ATT&CK: lists of security controls targeted to this threat actor. Identify the controls you may need to fill in the gaps in your defenses. Then go to the RiskLens platform to run comparative analyses to see which controls would best reduce your risk exposure (and how the cost of those controls compares to the dollar value of that exposure).
“If organizations involved in the SolarWinds attack had modeled a scenario such as this, it may have better prepared them for the damage done by the SolarWinds incident,” Sara says. “And it may have made them more adept to handle the attack.
“With FAIR and RiskLens, we are not trying to predict the future but we are at least helping to prepare organizations for the worst of what could happen.”
Get the full details on how to model an APT risk scenario and plan defenses for your organization – watch the webinar The SolarWinds Hack: a FAIR Perspective.