Cyber threat actors are constantly evolving, and staying informed on their activities helps organizations stay ahead. This continuous monitoring and understanding of threat actors enables companies to quickly adapt to new tactics, tools, and methods that may emerge, ensuring long-term cybersecurity resilience. So, understanding and using information about cyber threat actors isn't just about reacting to current threats—it's about building a culture of preparedness, agility, and resilience that protects assets, data, and reputation over time.
Threat Actor Index
DICYME proposes a metric that summarizes the capabilities and activities of cyberspace actors in such a way that it is possible to monitor each actor over time, classify them all, and associate all actors with a particular organization to build a customized cybercrime landscape for each organization.
DICYME approach leverages the publicly available data that sources like the encyclopedia of threat actors developed by the Electronic Transactions Development Agency offers.
With information about the different names associated with the actors, the countries in which they are established, their motivations, the date of their first recorded appearance, a description, the sectors and countries they have attacked, the different tools and software they use, as well as various known campaigns attributed to them, DICYME has created an index composed by three scores:
-
Activity score represents the recent activity of the actor. Higher values represent actors seen more recently. A value between 0 and 1.
-
Capacity score represents the actor's skills and capacity using a technique. Higher values represent more capable actors. A value between 0 and 1.
-
Target score represents how badly a facility is placed on the actor's radar. Higher values represent a facility in the actor's target countries and actors' target sectors. A value between 0 and 1.
These 3 scores are combined to create a unique metric per actor.
Key Features
-
Simple Formulation: provides a clear, concise way to evaluate cyber threat actors, making it accessible to both experts and newcomers.
-
Easy to Understand: Even complex data becomes digestible with the user-friendly approach of the threat actors index.
-
Applicable to Any Data Source: the information required can be obtained from one or more data sources.
-
Dynamic: It evolves with changing data, offering real-time insights and adaptability.
-
Organization-Specific: Using an organization's country and industry, the distribution of actors can be deduced.
The DICYME Actor Index helps assess and understand an organization’s exposure to threat actors by providing a simple yet powerful formulation that is easy to understand. The index applies to virtually any actor data source, making it a flexible tool that can be tailored to incorporate the widest range of available data.