Article December 14, 2022

A day in the life of a cyber threat analyst

How do our cyber threat analysts keep our clients' networks safe and stay on top of evolving cyber threats?

We always encourage people to run a mile from any suspicious links, websites or unusual digital activity. But our cyber threat analysts go out of their way to stick their noses into the web’s darkest nooks and crannies. So, just what do they get up to when keeping clients safe and staying on top of developing cyber threats?

Scanning the dark web

The first task of the day is to scan the murkier parts of the internet and see if there are any new threats developing. The average person wouldn’t know where to look, but our cyber threat analysts are well-practised in this type of surveillance.

The team has access to platforms and sites such as Exploit, XSS and RAMP where fraudsters exchange information and trade stolen data. They’ve secured entry to these sites through online identities painstakingly developed over many years and through well-nurtured third-party relationships.

Much of this work relies on watching what’s being posted by others. But sometimes our cyber threat analysts have to interact with other people on these forums to validate specific concerns and get the details they need to substantiate and quantify potential risks.  

So, just what sort of things are they looking for? Well, it’s often little snippets of information that point to possible threats and attacks.

Maybe an organisation’s IP address is spotted in the control panel of a hacker’s botnet. Perhaps a hacker is talking in a private chat that we’ve got access to and names a victim organisation. Hackers tend to play things pretty close to their chest, but they like to brag and show screenshots, and sometimes the information isn’t redacted well enough to hide the victim’s identity.

Additionally, new malware and other hacking tools are always being developed, and so our cyber threat analysts keep on top of the marketplaces where they’re sold.

Similarly, new vulnerabilities are discovered and disclosed all the time. Finding which ones are being discussed – and abused – by hackers is a key part of the job. This intelligence lets us prioritise scans and verify if you have the same weakness.

Keeping a close eye on customers

But now that they’ve scanned to see what’s going on, how do they match any vulnerabilities against all our clients’ systems when we’re insuring so many different organisations? Well, our data science team builds a ‘network footprint’ of every company we insure as soon as it applies for a policy. This means we’ve created a database of more than 2 million IP addresses that represent all our current customers on the internet.

When we find out about a vulnerability that’s being used by hackers we quickly build a prototype that detects the problem in a non-intrusive way, as opposed to the hackers who actually use it to carry out an attack. We then scale it up in the cloud and deploy it at a massive, customer-wide scale.

Then as soon as our cyber threat analysts detect a vulnerability or any other potentially damaging weakness in a relevant cyber system, we use our mobile app, Response, to push out a direct alert to the insured in question. These alerts warn the customer of the problem and give the intelligence and support needed to take immediate action.  
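The matching step described above, as an added illustration that is not CFC's own code or data: a constructed footprint keyed by insured, with observed IP addresses checked against it by longest-prefix match before sightings are grouped into one alert list per customer. All insured names, address ranges and sightings below are constructed placeholders.

```python
"""Match analyst sightings against an insurer's 'network footprint' database."""
import ipaddress
from collections import defaultdict

# Constructed footprint (hypothetical insureds, RFC 5737/3849 documentation ranges).
FOOTPRINT = {
    "Acme Widgets Ltd": ["203.0.113.0/25", "198.51.100.16/28"],
    "Globex Retail": ["203.0.113.128/26", "2001:db8:10::/48"],
}

# Constructed sightings: (ip, source, detail) as an analyst might record them.
SIGHTINGS = [
    ("203.0.113.42", "botnet-panel", "check-in seen in a bragging screenshot"),
    ("203.0.113.150", "vuln-scan", "vendor advisory PLACEHOLDER-ID applies"),
    ("198.51.100.20", "botnet-panel", "same panel, second host"),
    ("203.0.113.42", "vuln-scan", "same host also exposes the weakness"),
    ("192.0.2.7", "botnet-panel", "not one of our insureds"),
    ("2001:db8:10::beef", "vuln-scan", "IPv6 host in Globex range"),
    ("not-an-ip", "dark-web", "malformed entry scraped from a forum post"),
]


class Footprint:
    """Index CIDR prefixes by (IP version, prefix length) for fast lookups."""

    def __init__(self, footprint):
        self._index = defaultdict(dict)  # (version, plen) -> {network_int: insured}
        for insured, cidrs in footprint.items():
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                self._index[(net.version, net.prefixlen)][int(net.network_address)] = insured
        # Longest prefix first, so a /28 wins over an overlapping /25.
        self._order = sorted(self._index, key=lambda k: -k[1])

    def lookup(self, ip_str):
        """Return the insured whose footprint contains ip_str, or None."""
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:  # malformed scraped data must not crash the pipeline
            return None
        for version, plen in self._order:
            if version != ip.version:
                continue
            mask = ((1 << plen) - 1) << (ip.max_prefixlen - plen)
            insured = self._index[(version, plen)].get(int(ip) & mask)
            if insured is not None:
                return insured
        return None


def build_alerts(footprint, sightings):
    """Group sightings per insured (deduplicated on ip+source); count the rest."""
    alerts, seen, unmatched = defaultdict(list), set(), 0
    for ip, source, detail in sightings:
        insured = footprint.lookup(ip)
        if insured is None:
            unmatched += 1
            continue
        if (insured, ip, source) not in seen:
            seen.add((insured, ip, source))
            alerts[insured].append((ip, source, detail))
    return dict(alerts), unmatched
```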

This approach means we get in touch before any of your systems are compromised. It gives the client time to take preventative action and keep operations running smoothly. It allows time to sidestep a likely attack and means the business doesn’t suffer a cyber loss or have to file a claim.   

The team’s role isn’t limited to finding a vulnerability in a system and alerting the customer to it. They also get hold of the official remediation advice from the impacted product’s vendor and then offer guidance and information about how to apply the fix to your system. They offer this support as part of our ongoing contact to ensure you get your network shored up and secured quickly.

All of our cyber threat analysts also maintain well-established links with a range of governmental, law enforcement and other third-party stakeholders. Keeping these relationships up-to-date and exchanging information on developing threats is also part of the job for our cyber threat analysts.

Clearly, getting through everything outlined here would be quite a day’s work. But it goes to show the range of activities our cyber threat analysts are involved in and the lengths they’re going to in order to keep you safe and stay on top of emerging cyber risks.

We believe proactive prevention through the likes of cyber threat analysis is the future of any cyber insurance proposition. The cover you buy is there if needed, but our cyber threat analysts are preventing businesses from suffering an attack, sparing them unnecessary stress and damage, not to mention avoiding major losses and claims.

Being your eyes and ears is all in a day’s work for our cyber threat analysts. Think of them as the warning system that gives you the information to act before the hackers strike.

CFC cyber threat analysts are part of the wider CFC Response team. For more information about our proactive approach to preventing cyber attacks, check out our CFC Response page.