In these uncertain times, a quiz is now a familiar event on many social calendars, but each day the hard-working folk in Cybersecurity toil to answer some of the hardest questions on earth - 'How good is my security?', 'Will I get hacked?', 'Do I need a Pen-Test?', 'Why don't people understand risk?'. Although these questions will not crop up on your Friday night quiz, have the realities of lockdown changed the way we think about risk, and if so how will that help us improve Cybersecurity?

In this series of posts I set out to compare the similarities between COVID and Cyber. With why Threat Intelligence is vital to ensuring today’s risks are managed and why threat modelling is key.

Since COVID swept the globe billions of people now quiz themselves, daily, on how their government is responding to an initially perceived, and suddenly very real, catastrophic threat. In the UK, the threat response changed direction, plan, and tactics many times. The same evolution occurred within cyber, with some key similarities to how Risk Management changed from the '90s to the present day. Everyone now looks at life through a different lens.

The public is now acutely aware of the risk, weighing threat, probability, and impact to decide simple scenarios like shopping and schools. This sea change in culture also happened with Cyber, as even the most technophobic of us now has some Cyber topic to speak about at dinner parties and can pull-off a rudimentary approach to Cyber hygiene.

Both personal and government investment is driven by the new quiz, and much the same as Cyber, this needs to be measured and balanced against opportunity-cost and through continual assessment of Risk. In the words of Sun Tzu, just knowing yourself but not the enemy you will hit evens, but wasting money on the wrong terracotta horse can lose you more; like when you buy the wrong vaccine or PPE.

Having a balanced understanding of risk (Threat, Probability, and Impact) allows rewarding and focussed conversations; let's focus on Threat.

A threat-based approach is straightforward and has been the subject of many an enjoyable book, including Sun Tzu the darling of all amateur strategists.

Threat describes how an adversary, occurrence or scenario may commonly occur to inflict adverse impact on the goals or stability of an organisation.

Put simply, Threats and Intelligence are a yardstick for Cyber maturity. To understand 'what good looks like', you cannot beat looking out of the window to see more than you imagined. While not glancing out the window leaves you shooting in the dark, wasting resources.

In the next part of this 3 part post, we look at how we can use the most cliche strategist quote to analyse the phases of threat intelligence and how we see this materialise in the current quiz on COVID.

https://www.enticecybersolutions.co.uk/post/know-the-threat-quizzing-covid-and-why-cyber-is-similar-part-2 (Coming Soon)