Removing the Blinkers: Assessing the PrivSec Threats to your Business

By Ross Saunders

What happens when you cannot see the forest for the trees? There are so many threats out there it’s hard to keep up with which ones directly (and materially) affect your business. Businesses can waste tremendous time and effort in addressing generic threats that do not directly relate to their business, simply because it seemed like a good idea (or someone in power heard about it at the last conference they attended). 

Threat modelling is a structured and relatively rapid approach that helps you identify the real and credible threats that your business faces. You can then customise your defenses to match your business profile, an attacker’s profile, and the ways an attacker may try to compromise your environment. It gives you a firm priority order for the threats you need to address, taking into account the relevance of the controls and your unique business vulnerabilities.

We do threat modelling in our heads all the time. For example, if you know you’re going to be walking home alone after dark, you assess the fact that there may be threats, such as traffic that may not see you crossing the road, or if it’s a bad neighborhood, potential for attack. You can then instead choose to walk along main and well-lit roads, or you may even opt to take an Uber instead to avoid two risks at once. Threat modelling operates on the same principles for your products and business.

Security Threats

Threat modelling in the IT space was born of the IT security industry. IT threat modelling methodologies have been used for decades to profile attackers and implement security measures against them. In the late ’90s, the STRIDE methodology was introduced by Microsoft’s security professionals, detailing threats that could take the following approaches:

  • Spoofing Identity,

  • Tampering with Data,

  • Repudiation,

  • Information Disclosure,

  • Denial of Service, and

  • Elevation of Privilege.

Each letter in STRIDE represents a different line of questioning to determine the threat, and the subsequent controls to address or avoid the threats. Security threat assessment is a mature practice and should be done on a regular basis, as your business introduces new processes or changes existing ones. Threats also change and evolve over time, and you may find external factors pushing you to do threat assessment more frequently.

Numerous other methodologies have been introduced over the years, but concepts remain similar in terms of identifying the threats to your products, development lifecycle, or business as a whole. Methodologies such as VAST (Visual, Agile, and Simple Threat methodology) are designed to integrate into modern development and DevOps lifecycles.

Privacy Threats

More recently, threat modelling has been applied to privacy. Privacy and security are similar disciplines in that you can’t have privacy without security, so it makes sense that privacy should have some form of threat modelling included as well. That said, there are distinct nuances between the two, and as such there are different models used in modelling privacy threats.

One such model in privacy is LINDDUN. This covers many of the threats that would apply to personal information under your control, as well as non-compliance with legislation that is out there. Fines, civil action, and reputational damage are all most certainly threats to any business nowadays. LINDDUN covers:

  • Linking,

  • Identifying,

  • Non-Repudiation,

  • Detecting,

  • Data Disclosure,

  • Unawareness and Unintervenability, and

  • Non-Compliance.

Within privacy, it’s easy (and incorrect) to assume that your only threats are related to regulation and the law. That forms only one part of LINDDUN (Non-Compliance). LINDDUN is great in that it covers a broader swathe of business processes and data management. It addresses things like datasets that can be combined to form profiles (Linking), through to people remaining anonymous or having plausible deniability (Non-repudiation), and many other threats to privacy in-between. 

When do you need to do threat modelling?

In numerous privacy laws there is a requirement to do Privacy Impact Assessments (PIAs) on your organisation, products, or services. Similarly, it’s good practice to assess your security by means of vulnerability assessments or even certifications such as ISO 27001. But what happens when you are simply too early in the game to do a large assessment? Threat modelling is perfect for this stage, at the very least in terms of ‘time to market’ and cost to implement!

Threat modelling gives you a fast, well-defined approach that covers a lot of bases, something that can easily be missed when you are “in the thick of things”. These models, coupled with an external pair of eyes that can see a 30,000ft view of your operations, can be immensely valuable when creating a new product, an updated release, a new line of business, or even your existing business as a whole. Regular implementation of these assessments also ties in beautifully to a well-managed and mature privacy and security governance program.

Bamboo Data Consulting has vast experience in privacy and security, helping with identification of threats, gap analysis, and advisory. We are able to take a step back and see the holistic picture, partnering with you to develop meaningful defense measures against threats you may not have realised you are facing. In short, our domain expertise, coupled with your industry knowledge, lets you manage your threats in an incredibly efficient and effective way.
