Abstract:

Organizations are operating in a risky business environment which is subject to an ever-evolving cyber threat landscape. In order to effectively tackle cyber threats and de-risk their cybersecurity postures, organizations need to form a thorough understanding of their cyber threat landscape through pragmatic cybersecurity risk assessments. In this context, our research work explores the current cyber threat landscape, and addresses some of the challenges stemming from the complexity associated with conducting cyber risk assessments and from the uncertainty surrounding the existing threat rating methods. Thus, our paper presents an overview of the current cyber threat landscape by consolidating thirteen cyber threat categories. Furthermore, the paper provides a novel threat rating method that aims to facilitate threat modelling, and in turn, enable cybersecurity risk management in organizations. In this sense, the proposed method allows the analysis of selected cyber threats and the estimation of the extents of their applicability to cyber harm. Subsequently, the selected cyber threat categories are critically evaluated based on their corresponding threat ratings, allowing the prioritization of the selected cyber threat categories.