Insights: why threat model?
Edward Farrell
Cybersecurity fundamentally boils down to one thing: the protection of systems (whether they are physical, digital or social) from loss, disclosure, disruption, theft, unauthorised access, modification and a raft of other concerns that impact organisations or our environments at large. Fundamentally, we need to understand why and contextualise what is occurring, for which a threat model is often warranted.
What is threat modelling & why?
Threat modelling is the use of a structured process to identify potential threats, such as structural vulnerabilities, threat actors, or the absence of appropriate safeguards, and subsequently understand their impacts. Threat modelling has a number of benefits:
- Resources are finite, and simply acquiring all the security in the world can be a Pyrrhic victory, where an organisation has exhausted its capital on cyber security with no value. Threat modelling allows the efficient allocation of resources to effectively defend an organisation.
- Defensive teams can be better rehearsed. Nested in with resource management is planning and preparing the defence and stakeholders. If the threat is understood, stakeholders can be prepared and operate expeditiously in a high-stress environment once a threat is realised.
- Structured approaches allow us to build beyond “ransomware.” Most C-level executives are concerned about ransomware, which is front of mind; however, by employing a structured approach to understand the environment, third parties, genuine assets and the breadth of threats, a more expanded observation of genuine issues can take place. By way of example, our own structured approach recently identified that confidence in systems was a higher priority than ransomware events, which had already been adequately addressed.
- Discipline breeds confidence. The panic that is generated from the unknown is what sees most organisations set up for failure. By having a disciplined approach, teams and leaders can more confidently address the issues they face.
Daniel Ting & I will be presenting a threat modelling workshop in Canberra in February 2022. If you’d like more details on this, reach out and we’d be happy to get you involved.