THREAT ANALYSIS
We undertake analysis across the three levels of cyber threat intelligence:
- Tactical analysis – micro-level data analysis in which we detect and monitor cyber threats to vulnerable communities.
- Operational analysis – investigations in which we seek to identify how attacks have unfolded.
- Strategic analysis – macro-level research and analysis to identify who is behind cyberattacks targeting vulnerable communities, the motive(s) behind them and the harm they cause.
Our diversity is our strength. Our in-house intelligence and information security team is made up of colleagues from many walks of life who come together to build innovative solutions. From cybersecurity experts to threat intelligence analysts, social scientists to software developers, seasoned law enforcement professionals to highly motivated students, we come together to better understand the threats in cyberspace.
Our data is the backbone of the work of the CyberPeace Institute. We process data from our partners, open sources, proprietary sources and that produced through our own collection processes. Our data pipeline processes data from its raw form to information suitable for analysis. It capitalizes on the use of scalable cloud-based technologies. Our processes put data privacy and security at the forefront of decision-making and we build increasingly automated data flows to reduce processing errors, increase data recency and reduce time to analysis.
In 2023 we have been selected to take part in the Patrick McGovern Data and Society Accelerator Program in which we will begin our machine learning journey to further help us in processing our large datasets into actionable insights.
Different data-centric projects call for different analytical approaches. Our portfolio of analysis activities includes but is not limited to problem profiling, Open Source Intelligence (OSINT), Social Network Analysis, technical analysis including log, malware and forensic analysis, Geotemporal analysis, financial asset tracing and victim profiling. We also have a network of trusted partners, whose expertise we can call-upon for other specific types of analysis.
We take data privacy and security very seriously. We adopt a zero-trust approach to system and data management. All of our analysis-related data is encrypted at rest and in transit. We have also developed our own products and tools for secure data exchange between us, our partners and our beneficiaries.
As the volume type and sophistication of cyberattacks are increasing year on year, it is important that vulnerable communities are able to access expert support to analyze threats against them and to receive data-driven insights to mitigate risks. We offer this capability for free to humanitarian NGOs, as one of a range of services.
the digital assets of our beneficiaries
new threats and vulnerabilities
and prioritize
identified issues
information through timely allerts
risks and secure
digital assets
Data Acquisition
Following an assessment of the case brought to us by a beneficiary or partner, we ensure the secure transfer of case data to our analysts.
Log & Transaction Analysis
We review and analyze computer-generated event logs to proactively identify information related to the case.
Malware & Forensic Investigation
We collect evidence from devices and analyze malware to determine the root cause of an attack.
Threat Intelligence
We develop knowledge on threats, vulnerabilities and the actors behind them to mitigate future risks.
Advice & guidance
Getting to the root cause of an attack allows us to provide actionable recommendations to a specific organization or the wider community.
Practical Assistance
We provide technical and cybersecurity support to help NGOs implement the recommendations.
-
Direction
every research project begins with the setting of clear intelligence requirements and the definition of research questions that need to be answered. This ensures our research stays within scope, respects ethical research principles and avoids mission creep.
-
Data collection
manually, automatically or somewhere in between, we collect data from primary data sources, open sources and closed sources which when combined together gives us a more comprehensive understanding of the cyber risks faced by vulnerable communities.
-
Processing
using data pipelines we clean and normalize data and evaluate its relevance and reliability to transform it from its raw form to exploitable information usable for analysis. This step of our intelligence cycle requires close collaboration between our analysts and technical engineers.
-
Analysis
from data discovery, statistical analysis, Social Network Analysis to geotemporal analysis, we find hidden connections within large datasets. Using data visualization and analysis tools, including dashboards and graphical link analysis software, our analysts can connect information from disparate sources to find the answers to our research questions.
-
Disseminate & Share
complex analysis must be accompanied by simple storytelling. Developing data-visualization platforms tailored to each research project and publishing clear reports and infographics allow us to communicate our findings with our community.
-
Feedback
we learn from every project we deliver on. Taking on feedback from our community, our governance bodies and our partners we strive to produce improved analytical products in the future.
Cyber Incident Tracers
Data-driven insights on the cyber threat landscape of vulnerable communities presented through publicly accessible data visualization platforms.
Research & Investigations
Independent and in-depth findings on the emerging and ongoing threats to vulnerable communities published through analytical reports and technical blog posts.
