© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Miles Tappin, ThreatConnect: “any company could fall victim to a cyber attack”


While numerous cybersecurity solutions are created and implemented daily, companies struggle to optimize and assess their effectiveness. Luckily, there are solutions for that, as well.

Evaluating risks and your potential to deal with them is an art of its own, and for enterprises with big teams, it’s a challenge to effectively communicate and explore those dangers together. As a result, platforms for cybersecurity experts came to life as a functional tool to improve their performance.

We reached out to Miles Tappin, the Vice President of ThreatConnect, to learn more about their ThreatConnect Platform, which allows teams to quantify and prepare for cyber threats.

ThreatConnect has grown exponentially since your launch in 2011. Can you tell us more about your journey?

ThreatConnect recently celebrated its 10th anniversary. While a lot has changed since then, our mission remains the same: revolutionizing the way our customers protect their organizations by turning intelligence into action.

We want to fundamentally improve the way security works by developing software for security leaders and analysts alike that improve cybersecurity outcomes.

ThreatConnect has long been known as a leader in the Threat Intelligence Platform (TIP) market. We understand the need to enable large enterprises to aggregate all available threat data – both internal and external, structured and unstructured – analyze rapidly, distill it down to understand the most critical threats, automate actions, and produce tactical, operational, and strategic threat intelligence all in one place. But our TIP Platform is only one component of a much more powerful brain trust.

We are the first in the market to introduce intelligence-driven security orchestration, automation, and response (SOAR). Our Smarter SOAR platform provides security leaders with critical capabilities to break down silos and helps unify the actions of the entire security team with a true threat-oriented view.

More recently, in 2020, we acquired Nehemiah Risk Quantifier – now ThreatConnect Risk Quantifier™ – to unify the actions of the security team around the most critical risks, support their response with streamlined and automated workflows, and strengthen the entire security ecosystem through powerful technology integrations.

At ThreatConnect, you operate based on a Risk, Threat, and Response approach. Can you tell us more about this practice?

ThreatConnect is the only company in the world that provides solutions to critical cybersecurity functions of Risk, Threat, and Response. We are the only cybersecurity company with cyber risk quantification (CRQ), threat intelligence platform (TIP), and security orchestration, automation, and response (SOAR) capabilities under one umbrella. As such, ThreatConnect is changing the way security works and tackling the biggest, most systemic issues confronting security today. ThreatConnect breaks through the cybersecurity market by offering solutions to the four most critical areas of concern as defined by the global CISO community at the 2020 World Economic Forum.

Our three-part model reduces complexity to help make decision-making easier, unites processes and technology, and continually drives down risk. CISOs and other security leaders are able to understand exactly which scenarios to protect against, where to focus resources, and how to prioritize SOC team responses.

You often mention the importance of having a risk-oriented view of cybersecurity. What are the ins and outs of this method?

Our role as cybersecurity professionals is about protecting the business from harm - we do this by reducing risk.

Security leaders must be able to prioritize so that they can concentrate their efforts in areas where they’ll have the biggest impact. It’s particularly important to evaluate impact in terms of mitigating risks to the business as a whole. They must be able to translate cyber threats into intelligently-calculated real-world probabilities so that the business can make reasonable investments and drive down its risks.But to do this effectively requires security professionals to learn how to quantify and communicate risk in both cyber and financial terms. Once translated into this view, security and business are on the same page. Risk mitigation then becomes the north star focus, and the struggle of resource prioritization finally dissipates as it becomes crystal clear what matters most.

At ThreatConnect, we believe that in order to change the way security works, the industry needs both a decision support platform that drives a financial-based, risk-driven view into security by harnessing external threat intelligence and internal security operations intelligence; and an operational support platform that simplifies turning that intelligence into action through automation and orchestration.

How did the pandemic influence the way you approach cybersecurity? Did you notice any new tactics used by threat actors?

This year was supposed to be the end of the COVID-19 global pandemic. However, 2021 saw a significant uptick in cyber threat actors taking advantage of people in their time of need.

ThreatConnect developed a COVID-19 cyber threat intelligence dashboard that saw action this year in the battle against COVID-related cyber crimes. ThreatConnect’s intelligence-driven SOAR served as the operational platform for the COVID-19 Cyber Threat Coalition, a group of cybersecurity professionals and organizations dedicated to stopping cybercriminals from stealing intellectual property from pharmaceutical companies, disrupting the COVID-19 vaccine supply chain, and taking advantage of vulnerable communities via COVID cyber scams. By leveraging ThreatConnect’s dashboard and COVID-19 intelligence feed in our Collective Analytics Layer, the Cyber Threat Coalition developed a blocklist that kept countless organizations and people safe during the vaccination effort.

Cybersecurity is now the top concern for the owners and operators of national critical infrastructures — the systems that manage and control our economy, energy resources, transportation networks, food distribution, hospitals, and overall way of life. ThreatConnect’s product innovations that constitute the Risk, Threat, Response approach are giving these institutions a viable, more effective way to protect their operations from harm and disruption. By doing that, we are protecting everyone who depends on these critical services during this unprecedented time.

How do cyberattacks differ between small businesses and large companies?

No matter the size of the organization, any company could fall victim to a cyber attack. The Verizon Data Breach Report 2021 found that both small and large organizations are being targeted by financially-motivated criminals. They found that 55% of large organizations were able to identify breaches within days or faster compared to 47% of small organizations. But of course, in business, time is money, and every second counts...If unprepared, an attack can cost a company millions of dollars, damage reputations, end jobs, and in extreme cases, cause the company to go out of business. There are plenty of examples of small companies going out of business due to a ransomware attack — it’s just a matter of time before a larger company ends up dealing with something similar, particularly as regulatory bodies are applying more pressure.

Establishing a risk management strategy can help mitigate cyber risks specific to your business, build resilience and limit damage or disruption. By adopting a risk-based approach to cybersecurity, organizations can calculate a unique risk score, identify weaknesses, prioritize controls and determine the appropriate remediation actions.

Although Cyber Risk Quantification can offer some great benefits and insights, this practice is still not widespread. Could you tell us more about it?

We won’t pretend that cyber risk quantification is easy; there is a lot of data that sits behind the calculations. For every business, the financial impact of cyber risk is different.

Cyber Risk Quantification (CRQ) utilizes scientific evidence and methods to empower businesses to make better decisions. It is a process of identifying risks that matter most to the business by quantifying them in terms of potential financial and operational impact.

Most organizations use the FAIR (Factor Analysis of Information Risk) cyber risk framework for cyber risk quantification. However, putting FAIR into practice still remains a challenge. Running FAIR scenarios can be a great way to analyze ad-hoc events or out-of-band requests. But there are challenges associated with making FAIR operational, including the subjectivity of inputs, the time required to gather data, and lack of actionable outputs.Overcoming challenges with FAIR is the key to seeing FAIR adopted at a wider scale. With our latest release - RQ 6.0, we have introduced semi-automated FAIR scenarios that use automation to compute the Loss Event Frequency portion of the FAIR taxonomy. Combine that with your Loss Magnitude projections, and you can compute the financial impact of risk scenarios rapidly and at scale.

ThreatConnect Risk Quantifier 6.0 enables FAIR practitioners to use their existing data and processes to model risk as they have been while providing a way to automate and scale the most challenging parts of making FAIR operational.

What misconceptions have you run into when working to ensure organizational cybersecurity?

At ThreatConnect, we believe the first step in tackling the strategic business challenges starts with understanding the strategic advantages of shifting to a risk-led security program. Without understanding that risk is a business issue (not a technical issue), CISOs will likely not focus their resources on the right things.There is a common misconception that you need to share very technical details with Executive leaders but in reality, this technical jargon prevents effective communication. The inability to understand the core mission of cybersecurity at a business level is one of the most critical challenges facing companies and organizations of all sizes today.

Our role as cybersecurity professionals is not solely about defending IT systems. It’s about risk mitigation and protecting the business from harm. But doing this effectively requires security professionals to come to grips with how to quantify risk and communicate risk in both cyber and financial terms. Once translated into this view, security and business are on the same page. Risk mitigation then becomes the North Star focus, and the struggle of resource prioritization finally dissipates as it becomes crystal clear what scenarios matter most.

With the number of remote workers growing, what would you consider the key security measures to secure their workload?

Many of us have had to adapt to working from home due to COVID-19, and it opens many possibilities for attackers to breach company security. Attackers have capitalized on remote workers and increased the average cost of a data breach by $137,000 based on a survey by IBM.

As such, there is a need for businesses to regularly emphasize the importance of safe working practices. They should explain how to avoid common mistakes (e.g. clicking links in suspicious emails) and empower their employees to feel confident online. In addition, it would be beneficial for organizations to outline clear processes that staff should follow if they want to report any risks or suspicious behavior. The sooner things are detected or reported - the sooner security teams can take the appropriate actions to limit damage or prevent it from happening again.

By making everyone aware of and responsible for cybersecurity, an organization can improve its security. Again, it comes back to understanding your risks and the potential financial impact of those risks materializing. Once organizations have a firm grasp on that, they will be able to prioritize their resources and efforts to achieve the best outcomes.

What does the future hold for ThreatConnect?

We are eager to continue innovating the way security teams work. Our risk, threat, response model is a great blueprint for organizations to expose their risks, highlight key threat actors and help with automated response efforts.

Just as the world changes, the organizations that we serve are in a constant state of change. New business requirements and a constantly shifting business landscape introduce new risks to our clients. New technologies and applications open up new attack surfaces to their adversaries. These issues, when compounded with the growing sophistication and sheer number of adversaries, make keeping pace with them incredibly difficult. One of the most fundamental issues in security is deciding where to prioritize scarce resources.

A risk-driven view into security provides a North Star understanding of where to focus threat management and response teams. Another critical issue is overcoming the lack of skilled resources. By automating and orchestrating actions across teams and technologies, ThreatConnect is, for the first time, helping businesses and government agencies overcome these challenges.

Our dedication to threat intelligence teams, security operations teams, and facilitating the workflow between the two teams, enables them to make more accurate, efficient, and faster decisions to protect their business. A risk-informed decision and operational support platform that can help them prioritize and focus on the risks that matter most.

Leave a Reply

Your email address will not be published. Required fields are marked