What is a threat model?
by Kapua Iao
A threat model is a method of determining possible threats that could undermine an individual or an organization. It is a procedure that highlights vulnerabilities and potential threat actors so that such issues can be mitigated.
The healthcare cyber landscape is one fraught with cybercriminals who want to steal or hold ransom protected health information (PHI). This is especially true now as the number and frequency of cyberattacks continue to rise.
But how exactly could a threat model help IT professionals, especially within healthcare, better protect organizations? What should we know about threat modeling to build a strong cybersecurity program?
What is a threat model?
Threat modeling is a process used to identify potential security threats and vulnerabilities—in other words, what/who your threats are and how problematic they are to your organization. It’s important to know where your attack surface is exposed.
In day-to-day life, everyone uses some type of threat modeling to get through their da, deciding which route to take and which task to focus on at work. Even what to wear for the day.
Threat modeling means asking the important questions: Where am I most vulnerable? What are the most relevant threats? What can go wrong? Is there something we can do about it? How do I protect myself?
Generally, a threat model should follow four broad steps:
- Understand your system/network and how it is being accessed and/or used
- Determine threats and possible threats
- Rank the threats
- Determine countermeasures and mitigations
A threat model must be concrete and structured, though there is no single threat modeling process.
Rather, what you follow and how depends on your organization and its needs.
How is threat modeling useful?
As soon as the first shared computer made its debut, threat modeling became a defense mechanism against cybersecurity vulnerabilities.
According to Tony UcedaVélez, a recent speaker at Paubox Spring Summit 2021, there are many benefits of threat modeling, “Like what are they after, and based upon those things, how much of a pain point will they cause you?”
A cyberattack on any organization can produce crippling problems. Data breaches create complications for organizations worldwide.
A threat model confirms what type of breach(es) on the threat landscape your organization should be the most concerned with and what problems could develop from it.
Moreover, threat modeling helps an organization decide what assets to secure, as well as what controls or countermeasures to utilize for complete protection.
And for healthcare organizations?
At the Paubox Spring Summit, UcedaVélez emphasized that “healthcare providers should create a threat model simulation to elucidate any vulnerabilities and understand how their organization could be compromised.”
In fact, healthcare organizations already perform threat modeling when they implement a HIPAA risk assessment, which is required for HIPAA compliance.
HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their PHI.
A HIPAA risk assessment (and threat modeling) is a necessary foundational step for all healthcare organizations to implement appropriate safeguard measures.
By utilizing threat modeling from the beginning, a healthcare organization will protect itself from future problems, data breaches, and HIPAA violations.
Insight and security at the same time
Once you apply threat modeling and understand what to focus on as well as what countermeasures to employ, you must actually use the countermeasures.
This is where Paubox can help, particularly when it comes to email communication. Indeed, email is considered the number one threat vector (or main entry point) into any system.
Paubox Email Suite Premium provides these protections and requires no change in email behavior. No extra logins, passwords, or portals for the sender or recipient. With our HITRUST CSF certified solution, all emails are encrypted directly from an existing email platform (such as Microsoft 365 and Google Workspace).
Our solution also comes with ExecProtect, built to block display name spoofing emails from reaching an inbox in the first place. It also comes with data loss prevention (DLP) which stops unauthorized employees from transmitting sensitive data outside an organization.
Threat modeling allows you to determine what cybersecurity measure to enact. Employ a threat model from the beginning to ensure you focus on what protections your organization needs the most.