Threat Intel

Threat-Informed Defense for Human Attack Surface: Mapping Threat Intelligence to Target Intelligence

The exploitation of human attack surface data and a crucial intelligence gap

According to Verizon’s 2022 DBIR report, stolen passwords and phishing were the top two techniques used by threat actors last year, accounting for around 70% of all analyzed breaches. Both of these tactics, often interwoven, rely on data tied to the human element, the exploitation of which is the single largest threat to organizations today. In trying to address this threat, defenders have had a crucial intelligence gap. They lack the ability to map threat intelligence of specific threat actor TTPs involving social engineering and other personal data exploitations to their employee population. Attackers collect intelligence on human targets and leverage exposed personal data to develop paths for attack and compromise. In order to drive focus and prioritization of defenses, security teams need the capability to emulate attacker reconnaissance on their external, human attack surface in order to expose target intelligence about their organization’s human population.

Even though threat actors often connect work and personal identities to launch their attacks, defenders have had a huge blind spot when it comes to the attack surface associated with employees’ and contractors’ personal identities. While most organizations focus on securing work identities, this leaves 90% of the total attack surface of high-value targets unaddressed. At the same time, when looking at the volume of exposed passwords available to attackers, the amount of cleartext credentials associated with personal identities is around 9x larger. Complete target intelligence must take into account this exposed personal data.

Mapping threat intelligence to the human attack surface

The challenge lies in not only knowing the extent of your organization’s human attack surface but also mapping threat intelligence to human target intelligence to drive prioritized cyber defense. Threat intelligence involves knowing what specific threat actors are targeting others in your industry and how they are doing it. In other words, who are the threats and what are their TTPs (tactics, techniques, and procedures)? Target intelligence, as it relates to the human attack surface, involves knowing who your high-value and high-risk human targets are, the vulnerabilities presented by their exposed digital footprint, and their importance to an attacker as far as facilitating access to privileged systems and assets.

It’s the target intelligence that provides the human attack surface insights necessary to prioritize defenses once threat intelligence is mapped unto it. For instance, if a specific threat actor is conducting a social engineering campaign, and you know which of your employees are at risk and why based on their footprint, then you can prioritize your defenses accordingly, i.e., by addressing and limiting the public data that puts them at risk and enhancing MFA controls for their accounts. On the other hand, if a threat actor is leveraging exposed passwords from personal employee and contractor accounts for initial access, and you have full visibility of your users’ exposed credentials across breach repositories, then you can proactively trigger password changes and prevent their reuse within your organization.

Whether it’s in response to social engineering or other personal data exploitations, effective defense of the human attack surface should combine intelligence of the TTPs of threat actors active within one’s industry with target intelligence on your organization’s high-value human targets, individuals with privileged technical and financial access, and individuals with high personal data exposure.

Picnic’s automated threat-informed defense of the human attack surface

Uncovering target intelligence on your human attack surface and mapping it with your existing threat intelligence can be a time-consuming and resource-intensive process, however, particularly for large organizations with complex systems and multiple access points.

For organizations looking to automate this process, Picnic includes a solution that allows defenders to prioritize and mitigate corporate and individual risk at scale by automatically combining external threat intelligence with human risk mapping.

Picnic provides full visibility of your enterprise attack surface by including the human attack surface and using the lens of the attacker to automatically reveal human target intelligence and sensitive data exposure for a more comprehensive and effective cybersecurity program.

The platform drives evidence-based risk prioritization and threat mitigation by uncovering individual and corporate risks tied to your unique attack surface and predicting the most likely pathways of compromise based on threat actors, their TTPs, and their target industries. With Picnic, your team is equipped with data-backed decision-making, relevant risk prioritization, and automated remediation guidance. For more on Picnic’s platform capabilities specific to this feature, see here.

While attackers will undoubtedly continue to try and exploit the human element and personal data to breach organizations, Picnic is here to help you put protection in the chair by providing an enterprise-wide layer of prediction and prevention against attacks that leverage not only corporate domain and intellectual property information but also personal VIP, employee, and supply chain contractor’s personally identifiable information. The result is a company and workforce that are much less exposed and much less vulnerable to today’s threat actors.

Become a Subscriber to receive timely articles on human-centric security issues:

Scroll to Top