Chris Rutter

Security Principal
Trust and Safety

July 22, 2025

Preventing cyberattacks using a threat-led strategy

No organisation wants to be in the news because of a cyberattack. At Equal Experts, we help enterprise organisations protect themselves from data breaches, ransomware, and many other attacks. I’m a security principal for Equal Experts UK, and I’d like to explain how we help organisations to focus their efforts on preventing real-world cyberattacks.

Re-examine your risk register

When I speak with senior technology leaders, they often ask, ‘could we really stop a cyberattack?’. They’ve spent a lot of time and money on security controls, but they’re still worried they’ll be the next organisation making headlines for the wrong reasons.

I advise senior leaders that you already know your most dangerous vulnerabilities. They’re sitting in your risk register—documented, accepted, and gathering dust. But you can’t see the wood for the trees because you’re

  • Judging vulnerabilities and missing controls in isolation, not in combination
  • Ignoring real techniques used by attackers
  • Becoming numb to older risks that have not caused issues yet

In 2024, I attended an Equal Experts customer event where senior leaders from a financial services organisation shared how a ransomware attack had hit their business. They said the exploited vulnerabilities were already captured in a large risk register, but fixing them wasn’t a high priority because they didn’t seem dangerous in isolation. Their biggest learning was that a more holistic assessment would have highlighted the dangers and led them to plug the gap immediately.

If your risk register has hundreds of high-severity risks, and they’re all assessed infrequently, without using up-to-date threat intelligence, you’re inviting a serious breach. This is a failure scenario that slowly builds over time, because risk assessments tend to focus on what’s being built right now, not the old vulnerabilities quietly lurking in your live systems.

Prioritise real-world threats

The traditional way to assess security risks is to use a combination of likelihood and impact. That’s not good enough by itself. If you’re not considering today’s real-world threats and how the business value of your assets is changing over time, you can’t have an accurate picture of where you’re truly at risk. We help our customers to prioritise their risks holistically by facilitating risk review sessions in which we ask ourselves:

1. What are our most valuable systems today?
2. What techniques are attackers using today?
3. What vulnerabilities and missing controls do we already know about?
4. Could a combination of those allow an attacker to threaten our business?

Using modern AI tools, we can rapidly process industry threat reports into a simple list of active threats specific to customer systems and perform large-scale analysis on risk registers to find hidden dangerous risks. Thinking like this will highlight a set of critical issues that could hurt your business the most. It means you can prioritise fixing them and spend less time working on lower-impact issues.
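The review questions above can be turned into a repeatable check: map each accepted risk to the attacker technique it enables, express current threat reports as the ordered techniques an attack chain needs, and flag the chains your register leaves fully open. This is an added example, not Equal Experts’ tooling; the register entries, chain names, technique labels and asset values are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    risk_id: str
    asset: str      # system the weakness lives in
    enables: str    # attacker technique this weakness makes possible
    severity: str   # severity as recorded in the register, in isolation


# Constructed sample risk register: each entry looks tolerable on its own.
REGISTER = [
    Risk("R-101", "customer-portal", "phishing-credential-theft", "medium"),
    Risk("R-102", "vpn-gateway", "mfa-bypass", "medium"),
    Risk("R-103", "file-server", "lateral-movement-smb", "low"),
    Risk("R-104", "backup-server", "backup-deletion", "medium"),
    Risk("R-105", "hr-portal", "sql-injection", "high"),
]

# Constructed threat intelligence: chains reported as active this quarter,
# as the ordered techniques each needs and the asset it ends on.
ACTIVE_CHAINS = {
    "ransomware-via-vpn": (
        ["phishing-credential-theft", "mfa-bypass",
         "lateral-movement-smb", "backup-deletion"], "backup-server"),
    "data-theft-via-webapp": (["sql-injection", "data-exfiltration"], "hr-portal"),
}

# Constructed business value per asset (question 1 of the review).
ASSET_VALUE = {"backup-server": 5, "customer-portal": 4, "hr-portal": 4,
               "vpn-gateway": 3, "file-server": 2}


def open_chains(register, chains):
    """Return the chains for which every required technique is enabled by an accepted risk."""
    enabled = {}
    for r in register:
        enabled.setdefault(r.enables, []).append(r)
    result = {}
    for name, (techniques, target) in chains.items():
        if all(t in enabled for t in techniques):  # no step is blocked by a control
            result[name] = {"target": target,
                            "risks": [r for t in techniques for r in enabled[t]]}
    return result


def prioritise(register, chains, asset_value):
    """Score each risk by the value of assets reachable through open chains it sits in."""
    score = {r.risk_id: 0 for r in register}
    for info in open_chains(register, chains).values():
        for r in info["risks"]:
            score[r.risk_id] += asset_value.get(info["target"], 1)
    return sorted(score.items(), key=lambda kv: kv[1], reverse=True)
```

On this sample the four low/medium risks that together open the ransomware chain outrank the lone high-severity SQL injection, whose chain is still blocked because no accepted risk enables data exfiltration.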

Conclusion

If burglars are breaking into houses in your neighbourhood using back doors, would you still focus on fitting a video doorbell to the front? Or would you take notice and finally upgrade that old back door you’ve tolerated for years?

It’s the same with cyberattacks; you likely already know your most dangerous vulnerabilities. It’s critically important to reassess your risk register and systems based on real-world threats to your most valuable assets and make sure you spend your security effort fixing the issues that are the most likely to impact your business.

