RangeForce Blog | Cybersecurity training for teams

Tiers, Not Tears: Webinar Highlights

Written by RangeForce Team | Dec 20, 2023 1:00:00 PM

Recently, RangeForce hosted a live webinar called “Tiers, Not Tears: Contextualizing Cyber Threats.” We introduced a systematic approach to threat classification by categorizing threat actors into distinct tiers. 

 If you didn’t register, take a look at the highlights from this insightful session below. You can also watch the full recording below.

You can find our recent webinars on-demand on our BrightTALK channel. Keep an eye on our social media and newsletter to learn about upcoming webinars!

Tiers, Not Tears: Contextualizing Cyber Threats

Presented by Tanner Howell, RangeForce Solutions Engineering Team

The Cybersecurity Landscape

  • The state of cyberattacks is worsening, as the sophistication of threat actors increases
  • He mentions the prediction of cybercrime reaching $10.5 trillion by 2025.
  • Introduction of the concept of "cyber readiness" as the ability of an organization to protect itself from cyber threats.

Tiering Threats and Teams

  • Overview of the concept of tiering, which can refer to different aspects of an organization's cybersecurity posture.
  • In this context, tiering refers to categorizing threat actors and defensive teams based on their capabilities.
  • Optimizing incident response requires tiering both sides.

Threat Actor Tiers

  • Demonstration of a five-tier model for threat actors, ranging from script kiddies to nation-states.
  • Using actionable intelligence to categorize threat actors effectively is a critical factor.

Defensive Team Tiers

  • Common practice is for all incidents to be treated with the same level of urgency.
  • Serious dangers with this approach include burnout for security analysts and ineffective resource allocation.
  • A better solution is a tiered approach for defensive teams based on the prevalence of different threats and the organization's risk tolerance.

Case Studies

  • Two case studies are presented: a medium-sized non-profit and a Fortune 500 financial institution.
  • The threat landscapes of each are analyzed, and appropriate defensive tiers for each organization recommended
  • Factors like organization size, data sensitivity, and potential attacker motivations are highlighted in the analyses

Conclusion

  • The importance of tiering threats and teams for effective cybersecurity is reiterated.
  • The need for a realistic assessment of threats and a focus on ROI when making cybersecurity investments is of utmost importance.