Skip content

What is threat modelling?

Businesses of all sizes are vulnerable to cyber threats, from data breaches to cyber attacks. The consequences of a security breach can be devastating, resulting in the loss of sensitive data, reputational damage, and even legal implications. To minimise the risk of such incidents, organisations need to take a proactive approach to their cybersecurity strategy. One way to do this is through threat modelling.

What is threat modelling?

Threat modelling is a process that helps identify potential vulnerabilities in a system or application. It involves identifying possible attack scenarios and analysing the potential impact of those attacks. Threat modelling is often conducted during the design stage of a new application, though it may also occur at other stages. This is to assist developers in identifying vulnerabilities and understanding the security implications of their design, code, and configuration choices.

The threat modelling process involves three main steps:

1. Identify the flow of data through the system 

This involves documenting how data moves through different parts of the system, including where it originates, how it is processed, and where it is stored. By doing so, potential points of attack can be identified, and vulnerabilities in the system can be pinpointed.

For example, if a business stores customer data in a database, the flow of data through the system would involve documenting how the data enters the system (e.g. through an online form), where it is processed and stored (e.g. in a database), and how it is accessed (e.g. by employees with appropriate permissions). 

Through this, potential vulnerabilities in the system can be identified, such as unencrypted data or weak access controls. Potential points of attack can also be identified, such as through an SQL injection attack or a phishing email targeting employees with database access.

2. Document potential threats to the system 

This is the next crucial step in threat modelling. It involves considering all possible ways that an attacker could compromise the system's security and documenting these potential threats. 

Here are some common ones:

  • STRIDE - This is an acronym for each of the six threat categories it deals with: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

  • PASTA - Process for Attack Simulation and Threat Analysis (PASTA) is a risk-based threat modelling methodology where there is a focus on risks that can affect the business. 

This can help businesses prioritise which threats need to be addressed first and which security measures should be implemented.

For example, when threat modelling a web application, potential threats could include injection attacks, cross-site scripting (XSS) attacks, session hijacking, and password attacks. Each of these potential threats would be documented in detail, including how they could occur and what impact they could have on the system and the business as a whole.

3. Adopt potential security controls to mitigate potential threat

Lastly, implement security measures to mitigate the identified threats. They can vary depending on the type of threat and the system or application being modelled. Here are some examples of potential security controls:

  • Access controls: These controls limit who can access certain parts of a system or application, including the use of password authentication, two-factor authentication, and role-based access controls.

  • Encryption: Encryption is the process of encoding data so that it can only be read by authorised parties. This helps protect sensitive data from being accessed by unauthorised users.

  • Firewalls: Firewalls are hardware or software systems that monitor and control incoming and outgoing network traffic. They can be configured to block traffic from known malicious sources or limit access to certain types of traffic.

However, do note that threat modelling is an ongoing process. Security controls should be regularly reviewed and updated as new threats emerge or as the effectiveness of existing controls is evaluated.

Benefits of threat modelling 

1. Taking a proactive approach

Threat modelling enables companies to take a proactive approach to their cybersecurity strategy. By identifying potential vulnerabilities before an attack occurs, organisations can implement cybersecurity measures to prevent a cyber attack from happening.

2. Identifying vulnerabilities in a cost-effective way

Threat modelling is a cost-effective way to identify potential vulnerabilities. It enables businesses to prioritise which vulnerabilities need to be addressed first, minimising the cost of implementing cybersecurity measures.

3. Complying with regulatory requirements

Threat modelling can also help organisations comply with regulatory requirements. By identifying potential vulnerabilities, companies can ensure they are implementing the necessary security measures to meet regulatory requirements.

Protect your organisation from cybersecurity threats

If you're interested in learning more about threat modelling or want to find out how to better protect your business from threats, contact us at LRQA to learn more. We offer a range of cybersecurity services, including penetration testing and firewall management to help companies better protect their assets.

Other than these services, it is also important to explore other methods of reducing cyber threat vulnerability, such as providing cybersecurity training for employees to create a secure work environment. Take action today to protect your organisation from cyber threats.