Open source cyber incidents intelligence gathering

Abstract

As Theodore Roosevelt said, “The more you know about the past, the better prepared you are for the future.”. This quote cannot be more true in the realm of predictive analysis. Data about the past can be modelled on variables to explore relationships and predict future outcomes with a degree of probability. As cyber incidents become more prevalent, it is ever necessary for cyber security professionals to quantify the cost of a cyber incident and allocate sufficient budget for remediation and cyber resilience. In order to quantify the cost of a cyber security incident for an organisation, pilot studies have to be done on past cyber security incidents and the respective monetary impacts. Furthermore, without the availability of a cyber security incidents repository, cyber security professionals will spend more manhours sieving through archives to aid their studies each time. The goal of this study is to develop an automated cyber security incidents repository to aid cyber security professionals in the aforementioned aspect. This study utilises multiple libraries to gather information from open-source unstructured and semi-structured data. The repository is supplemented with the profile of the organisation that suffered the cyber security incident, and Advanced Persistent Threat groups that were involved. Based on the resulting repository, future work can be done by cyber security professionals in analysing the correlation between variables of the repository to the settlement costs of the cyber incident, allowing sufficient budget to be allocated for remediation purposes.