Cybersecurity risk assessment: Unleashing threat modelling

As companies navigate the dynamic landscape of cybersecurity, threat modeling emerges as a critical tool. This approach allows businesses to adapt swiftly, addressing new cybersecurity threats that accompany innovations in products and services. Threat modeling simplifies the identification of potential security vulnerabilities, enabling organizations to develop a focused and adaptable cybersecurity assessment strategy. By pinpointing threat actors, attack surfaces, and potential exploits, companies can efficiently tailor their security measures to protect new services and ensure robust defense against evolving threats. Discover how an agile approach to threat modeling can safeguard your company’s future.

Liked this post? Share with others!

Driving the company through threat modelling

As businesses face the headwinds of their operating ecosystem, they quickly realise that the products and services that defined yesterday’s success will be obsolete tomorrow. Hence, there is a need for companies to evolve to ensure they avoid becoming dinosaurs, which involves trying out new products and services in a quick and agile manner. Understandably, these new products and services will also bring about new cybersecurity threats and risks, which need to be assessed and managed. The ability to keep up with zero-day cyber threats while companies transform business products and services at pace requires a flexible and adaptable cybersecurity assessment approach. Threat modelling can serve as that approach. It does not include determining the likelihood, assessing the magnitude and identifying the risk scale. The reduced steps make it less complicated. And if required, the other steps can be included seamlessly to turn it into a full risk assessment. Threat assessment includes identifying threat actors, their attack surface, possible exploits and vulnerabilities. These steps enable companies to elicit cybersecurity exploits efficiently. An agile team that wants to test a new service can identify how the service’s authentication can be compromised using threat modelling.

“How can authentication of a service be compromised?”  

Five ways to unleash threat modelling

1. Identification of security requirements.

Security requirements exist to ensure the confidentiality, integrity and availability of business systems, data (customer and business) and services (i.e. internal and external). Most companies obtain their security requirements from industry best practices which include NIST, ISO 27001 and ISF. In their unedited form, these security requirements lack specific business context and are not all applicable. While they provide fair coverage, threat models should be used to refine the security requirements. Threat models incorporated the necessary business context. That way, the identified threats can be used to update and when required, create security requirements. An example of this is, the threat of a brute force attack can inform a security requirement for multifactor authentication. Threat modelling can give precision to the identification of security requirements.

2. Identification of security controls.

Security controls exist to detect, defend, delay and deter cybersecurity attacks. Often the choice of security controls for new information technology solutions are dictated by a mixture of best practices and the company’s risk management framework or either. The security controls are high level and still require further analysis to bottom them out. Again, threat models can be used to identify more granular sets of security controls. An example of this, the threat of a man in the middle attack can be defended by encrypting data with the appropriate secure protocol, encryption algorithm/key length and cryptographic hash. Threat models can be used to identify the precise and cost-effective security controls.

3. Compliment risk assessment

Most company’s response to their business environment results in a lot of business change initiatives and projects. Often most of the change initiatives are rehearsals to actual business products and services. Irrespective of their eventual status, the change initiatives need to be risk assessed at their inception to ensure they remain within the board set risk appetite. Hence the regular need to risk assess multiple initiatives and projects. For these set of initiatives and projects a threat model will suffice. It includes the initial stages of risk assessment such as identifying threat sources, identifying threat events and identifying vulnerabilities. It excludes determining likelihood, assessing the magnitude and defining the scale of risk which are not relevant due to the experimental nature of such projects. These additional stages can be included if and when necessary.

4. Compliment security testing

Generally, tests are only as good as the test cases executed, including security testing. Threat models can enable security testing to factor in the threat landscape, thereby it presents a more accurate dimension to security testing. With zero-day attacks popping up regularly, security practitioners understand that their test scope and test cases require frequent updates to include the latest exploits. And the order of security testing must be intelligent enough to cater for all scenarios. Threat models can inform security testing with the latest exploits to test. Also, threat models can inform security testing on the right order to test security exploits. It provides the attackers’ context. This way, security tests are built with threat intelligence and cover the complete scope of attack exploits.

5. Drive risk assessment

Risk assessment has always been in the sole purview of qualified risk practitioners. With the rapid pace of business change, this has often created a bottleneck to business agility. The business has had to move at the speed of security. This delay affects the time to market and the number of customer features delivered. Threat modelling can alleviate this predicament. It includes the initial steps of risk assessment. The output of the threat model is used to drive the other steps in the risk assessment process. That way, risk professionals can focus their scarce resources on the later stages of the risk assessment process as opposed to the whole process. Incorporating threat modelling, increases the pace of completing risk assessments making the business more agile.

Conclusion

Based on this analysis it does show that threat modelling is a subset and key building block to risk assessment. Also, the output of the threat model is key to completing the risk assessment process.

It is worth calling out that the building blocks to determining the risk through the likelihood and impact are understanding “who wants to attack the company”, “how can they attack the company”, and “what’s the company’s exposure “. These three activities holistically comprise threat modelling. Threat modelling is an integral part of risk assessment. The similarity between threat modelling and risk assessment is why both terms are often not distinguished. In some publications, NIST refers to threat modelling as a risk assessment form. Threat modelling allows a company to model aspects of an attack on any logical entity, including pieces of data, applications and any infrastructure

Let's help your organisation manage its cybersecurity risk

We’ll be happy to answer all your questions and help support you in delivering cybersecurity compliance.

Let's help you manage your cybersecurity risk