What is an Emerging Threat?
An emerging threat is something new, often not yet fully understood, that impacts the cyber security of a large number of organisations. Examples include a new critical vulnerability, a change in the geopolitical situation, or an ongoing cyber attack. When a new emerging threat is discovered, there is a sense of urgency and time sensitivity.
What criteria are used to declare an Emerging Threat?
Threat intelligence is a noisy space. Each organisation needs to be constantly analysing which threats are relevant to them and worthy of attention, so as not to be overwhelmed by sheer volume. In the context of the supply chain, we are not looking at threats relevant to any one organisation, but ALL organisations. So how do we determine which threats warrant that attention?
There are seven separate considerations we go through before publishing an emerging threat to the Risk Ledger network. The intention is to provide a consistent framework so all users know what to expect, but we will evolve these considerations over time as we learn and iterate. How well these criteria are met determines whether or not we declare an Emerging Threat within our platform:
Public domain: We may become aware of issues which are not in the public domain - embargoed or otherwise legally restricted. We will need to ensure we are working within the law when we publish an emerging threat.
Ubiquity: Is the threat contained to a small geography, environment, or a particular technology? We will only publish threats which could affect a large proportion of organisations.
Severity: A combination of exploitability and potential impact determines the level of attention and action needed. We will only publish threats where we deem the potential severity is high. If the threat is related to a new vulnerability, the CVSS score will be taken into account.
Maturity: Is there a robust consensus about the detail of the threat? Can we trust the information available to us about the threat (even if proposed mitigations are still under development)?
Publicity: Are we comfortable that the level of publicity is justified and not unduly affecting our decision? Are large clients or lobbyists influencing the conversation? Would an objective analysis of the threat align with the level of media attention?
Benefit: By publishing the emerging threat on the Risk Ledger network, does this better enable both clients and suppliers to respond effectively? Are we likely to have a positive impact on security?
Integrity & credibility: Is there sufficient confidence in the publicly available information? Are there credible sources we can reference to demonstrate integrity of the information?
If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.