homepage
Menu
Open menu
  • Training
    Go one level top Back

    Training

    • Courses

      Build cyber prowess with training from renowned experts

    • Hands-On Simulations

      Hands-on learning exercises keep you at the top of your cyber game

    • Certifications

      Demonstrate cybersecurity expertise with GIAC certifications

    • Ways to Train

      Multiple training options to best fit your schedule and preferred learning style

    • Training Events & Summits

      Expert-led training at locations around the world

    • Free Training Events

      Upcoming workshops, webinars and local events

    • Security Awareness

      Harden enterprise security with end-user and role-based training

    Featured: Solutions for Emerging Risks

    Discover tailored resources that translate emerging threats into actionable strategies

    Risk-Based Solutions

    Can't find what you are looking for?

    Let us help.
    Contact us
  • Learning Paths
    Go one level top Back

    Learning Paths

    • By Focus Area

      Chart your path to job-specific training courses

    • By NICE Framework

      Navigate cybersecurity training through NICE framework roles

    • DoDD 8140 Work Roles

      US DoD 8140 Directive Frameworks

    • By European Skills Framework

      Align your enterprise cyber skills with ECSF profiles

    • By Skills Roadmap

      Find the right training path based on critical skills

    • New to Cyber

      Give your cybersecurity career the right foundation for success

    • Leadership

      Training designed to help security leaders reduce organizational risk

    • Degree and Certificate Programs

      Gain the skills, certifications, and confidence to launch or advance your cybersecurity career.

    Featured

    New to Cyber resources

    Start your career
  • Community Resources
    Go one level top Back

    Community Resources

    Watch & Listen

    • Webinars
    • Live Streams
    • Podcasts

    Read

    • Blog
    • Newsletters
    • White Papers
    • Internet Storm Center

    Download

    • Open Source Tools
    • Posters & Cheat Sheets
    • Policy Templates
    • Summit Presentations
    • SANS Community Benefits

      Connect, learn, and share with other cybersecurity professionals

    • CISO Network

      Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

  • For Organizations
    Go one level top Back

    For Organizations

    Team Development

    • Why Partner with SANS
    • Group Purchasing
    • Skills & Talent Assessments
    • Private & Custom Training

    Leadership Development

    • Leadership Courses & Accreditation
    • Executive Cybersecurity Exercises
    • CISO Network

    Security Awareness

    • End-User Training
    • Phishing Simulation
    • Specialized Role-Based Training
    • Risk Assessments
    • Public Sector Partnerships

      Explore industry-specific programming and customized training solutions

    • Sponsorship Opportunities

      Sponsor a SANS event or research paper

    Interested in developing a training plan to fit your organization’s needs?

    We're here to help.
    Contact us
  • Talk with an expert
  • Log In
  • Join - it's free
  • Account
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2)
John_Doyle_370x370.png
John Doyle

Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2)

How to approach, research, and develop analytic assessments on emerging technologies and threat trends (Part 2)

January 12, 2024

“The human mind tends to see what it expects to see and to overlook the unexpected.

Change often happens so gradually that we do not see it or we rationalize it as not being of fundamental importance until it is too obvious to ignore.

Identification of indicators, signposts, and scenarios create an awareness that prepares the mind to recognize change.”

–The Dutton Institute

A Brief Recap

Cyber security leadership, the executive team, the board of directors, and risk management often seek our expert opinion on how an emerging technology or trend will impact the current and future state of business operations, shifts it could cause to the organization’s risk posture, and whether existing security controls are sufficient to manage any new risk or whether additional resources or investment is required. Leadership is also interested in how emerging technology and trends can provide efficiency gains to existing workflows.

The challenge we face when trying to assess the impact of any new advancement is that it often requires a steep multidisciplinary knowledge base beyond that of just cyber security or threat actor tradecraft and trends. In the previous blog post, we introduced this concept of systems analytic thinking, the DIMEFIL framework, an approach to determine market viability, and how to present insights using a common frame of reference. In this blog post, we delve deeper and wider, building our base knowledge on approaches to evaluate emerging technologies and trends, introducing useful structured analytic techniques (SATs) designed to aid in forecasting, and considerations on how to craft assessments such that they resonate with leadership.

Perspective Matters, Link Back to Related Context

All stories require a starting point, a contextual backdrop that acts as a foundation from which the author can build upon. In part 1 of this blog series, we used cyber risk as a well-known reference point that organizational leadership understands. This is one reason why when we craft analytic assessments, we focus on risk concepts like business impact, chance of occurrence, security controls coverage or gaps in existing controls. However, this is not the only frame of reference worth using in CTI—we can also leverage shared experiences of lived through events to draw anecdotal parallels when communicating analytic findings.

Each week there is no shortage of cyber events that occur. Yet as we recount the news headlines in any week, how many, if any, rise to the threshold of signifying an inflection point, some functional shift that changes a natural order? Inflection points can take different forms when we consider cyber innovation and advancements ranging from deviations in a threat actor’s baseline operations, to a new technology platform expanding an organization’s attack surface, to a vendor introducing a security feature to hive off full classes of attacks to the benign—perhaps naive—red teamer that uploads a new framework that just provided adversaries with yet another capability to integrate into its operational arsenal. Since there is such a wide range that could exist for potential inflection points, it’s best we create an organizational schema from which we can ascribe a baseline to identify inflections.

For simplicity’s sake, we will stick with the same model from the first blog post, where we broke cyber risk into three categories: adversary threats and trends, integrated tech stack, and existing security controls. The following graphic represents an illustrative, non-exhaustive enumeration of “cyber” advancements over the past decade grouped into the three categories. Each advancement identified in one of the categories could arguably be considered an inflection point and act as a shared frame of reference from which we can use for comparative purposes to make relative evaluations.

Picture1.png

Figure 1: Illustrative Trends and Advancements Over the Past Decade

The interesting part about these advancements is that some of them happened in tandem or short succession of one another. Some may have been spurred or influenced by broader macro-level events like the United States’ Comprehensive National Cybersecurity Initiative or trends like the droves of talented cyber security personnel in the private sector today that largely came from intelligence community, military, or law enforcement cyber careers. In the past decade, we have seen cyber security as a field evolve, branching into burgeoning sub-disciplines.

This outgrowth and fragmentation is one of the reasons I believe newcomers to cyber security struggle at the onset – the core base knowledge requirements have grown commensurately. Individuals with prior backgrounds have incrementally built their knowledge and refactored skills, and they have the depth of understanding to take interrelated and interconnected factors in stride. My buried bottom-line here is that those coming into this new have a steeper learning curve and often a longer journey to internalize the same lessons and understand those interrelated elements. Don’t worry, we’ll provide some guidance on this in the “Where Do I Go To Glean These Insights?” section.

Where to Start

Structured analytic techniques (SATs) are a methodical process designed to help one challenge judgments, create mental models, stimulate creativity, arrange and visualize data, manage uncertainty, and overcome biases inherent to the human mind, amongst other things. In total, there are over 60 different SATs available to assist analysts with critical thinking and problem solving across a range of different problem sets. In their seminal publication, "Structured Analytic Techniques for Intelligence Analysis", Richards Heuer Jr. and Randolph H. Pherson identify six core families of SATs, which others— including the CIA—have distilled into three primary categories: Diagnostic, Imaginative, and Contrarian techniques.

Picture2.png

Figure 2: Examples of SATs in Each Category

While this blog post won’t be able to do justice to the full gamut of SATs, a handful of these are particularly useful in helping frame the thought process when forecasting or evaluating potential future scenarios, which includes emerging technology threats and trends:

  • Red Teaming. An attempt to emulate adversary behavior by replicating how the adversary would approach a particular situation. Because this SAT requires thinking like an adversary, understanding their motivations, how they operate, things they hold culturally significant, and other areas are important. One of the biggest challenges with this SAT when applying it to cyber operations is breaking from mirror imaging using Western standards. Often if an analyst says “If I were [country], I would…” whatever follows is likely a statement that mirrors our perspective, ideals, or motivations.  images the Western approach. It is likely that Chinese President Xi probably mirror imaged during 2015 negotiations with then U.S. President Obama where both parties agreed that neither country’s government would conduct cyber theft of intellectual property with the intent of providing competitive advantage to their commercial sectors.
  • Future Scenarios/Alternative Futures. According to the CIA’s A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis this SAT “systematically explores multiple ways a situation can develop when there is high complexity and uncertainty”. Four potential future scenarios are developed by identifying the key two variables driving the potential change. The output takes the form of a two-dimensional matrix. This technique pairs particularly well with the key assumptions check.
  • Signposts of Change, Indicators and Warning (I&W), and Cone of Plausibility. Given the highly interrelated nature of these three SATs, it is easiest to explain them as a group. In Signpost of Change or I&W, an analyst creates a list of expected observable events that link together outcomes. These events, dubbed indicators or signposts, act as a baseline to help track, monitor, or evaluate changes over time. The Cone of Plausibility then uses these signposts or key drivers and assumptions to generate a range of plausible alternative scenarios to envision various futures and their implications.
  • “What If?” Analysis. Holding aside any preconceived ideas, a future outcome or event is identified and analysts work backwards to reconstruct the series of events that would have transpired that allowed us to arrive at the event.

Putting It All Together

One approach analysts can take when evaluating an emerging technology, advancement, or some other inflection point involves attempting to identify first, second, and tertiary order effects. Said in plain English, what’s the immediate impact followed by longer term effects from downstream dependencies? Answering the 5 Ws and how is also usually a fruitful endeavor as part of this process.

Let’s use a historic, well-known cyber attack as an example to illustrate the various orders of effect it had before providing a technology and a trend focused example.

The 2017 NotPetya case is a good example. The short summary of the NotPetya attack was Russian military cyber operators deployed a wiper to M.E.Doc customers through its update server. The attack was likely designed to only impact Ukrainian organizations. However, at least at the time, any organization with an operational footprint in or that worked with organizations in Ukraine had to choose between M.E.Doc or one other government approved accounting software for tax reporting purposes.

  • The first order effect of was the destruction of data on impacted systems.
  • The second order effect was the unanticipated spread and destruction of data on impacted systems outside of Ukraine that had M.E.Doc software installed.
  • A third order effect impacted vaccine production at one leading drug supplier causing it to pause distribution for its hepatitis A and B vaccines for several months. This led U.S. policymakers to question the fragility of certain sectors to cyber risks.
  • A fourth order effect was whether cyber insurance would cover the cost of damage from a cyber attack if it Is attributed to a state-sponsored actor. Total damage estimated from this attack was approximately $10 billion.
For ease of following along, the technology example will be an existing one that most readers should be familiar with, cloud computing’s Infrastructure-as-a-Service (IaaS), and the trend example will be adversaries persisting on edge devices (routers, switches, firewalls, etc.). In these examples, instead of providing answers, we instead provide a series of questions to think through the multi-order effects using the functional inputs in our “relevant threat” equation. Answering these questions should help answer the “should I care” question.

Picture3.png

Figure 3: Refresher on the Functional Inputs

IaaS

  • Intent. Does this technology—IaaS—change a threat actor’s intent or motivation? The answer will probably be no in most cases unless our company produces the technology, in which case we might ask whether any threat actor groups have targeted similar emerging technologies before and whether it aligns with a given country’s national priorities for something like technology transfer to bolster domestic industries.
  • Capability. Does IaaS provide a threat actor with a new capability? If so, what advantage does it provide? Are there any barriers to adoption and its operational use? What would drive the adversary to adopt it? If so, what would drive the adversary to adopt it? What are some observables we should look for as indicators of adoption? If we do not independently have visibility into these signposts, who may so that we could consider establishing an information sharing partnership?
  • Opportunity. Is our organization using IaaS or are we considering moving to IaaS? If so, what’s the use case and driving factors for adoption? What benefits does integrating it into the organization’s tech stack provide? In what capacity will it be deployed? Who will have access? What safeguards are being considered surrounding its deployment. Does it introduce new vulnerabilities we have to consider that expand our existing attack surface (vendor owned vs. on-prem)? Will we maintain the same visibility in our logging to detect threat activity? Are there other tradeoffs or blind spots that should be considered by fully or partially migrating to IaaS?

Edge Device Persistence

  • Intent. Does edge device persistence change threat actor intent or motivation?
  • Capability. Is this a new capability or has this been observed and reported on before? If it has been seen previously, which threat actor groups have employed it, how, and in what capacity? Has the technique been used against our industry vertical before? What was the series of events leading up to the adversary deploying the persistence mechanism and how was the access used afterward? Is this a brand new technique or is it present on the MITRE ATT&CK framework?
  • Opportunity. Are we susceptible to this technique i.e. is the affected technology deployed in our environment? Do we have coverage through our existing security controls to detect, contain, remediate, and recover? If not, how would we detect this type of activity? Do we need to partner with the affected vendor or engage a third-party security company? When was the last time the organization checked to see whether the firmware installed matches the one running on the devices at present? Which security or IT teams would be responsible? What other edge devices operating in the environment might require inspection beyond this particular affected make, model, and software version and with what level of regularity do they undergo regular security vetting?

Hopefully these questions provide a cursory roadmap to get you started as an analyst. Now let’s pull the findings together.

Documenting Findings in a Compelling Manner

Throughout the intelligence curation process, the AIMS methodology provides a useful framework to conceptualize the story we plan to tell and how we will message the analytic findings. For those unfamiliar with AIMS, it is an acronym that stands for Audience, Issue, Message, and Storyline. There are alternative storytelling frameworks beyond AIMS you might consider like AIM or GAME, but this blog post will only focus on AIMS.

  • Audience refers to identifying the end consumer of your insights. It involves being familiar with their role, responsibilities, background, current work priorities, schedule, existing demands, future aspirations, goals, personality, etc. Understanding the intended audience can help you as the author craft the narrative in a way that will best resonate with them using analogies and other explanatory helpers that align with their expertise or other frames of reference. For emerging technology stories in particular where a recommendation is made to shift resource investment, understanding when the audience will engage in budget decisions or meet with the risk planning committee meetings is an important dynamic to understand to align the delivery of the product for use in those discussions.
  • Issue refers to the topic at hand and why we are highlighting it. The “I” in AIMS could also be viewed as standing for “intelligence question”, which is yet another way for us to frame what we are trying to address with our analysis. A general intelligence question I often use for emerging technology and trends is “What are the drivers of adoption for X, how could this spur a change in adversary behavior, does this fundamentally change the current state of offense (adversary ops and capabilities) vs. defense (cyber security product coverage and practices) beyond on the margins, what indicators would we expect to see, and when do we expect this to take place?” Yes, that is a very loaded, multi-part intelligence question, but answering it—all of the sub-questions or elements of them—tees up a potential structure we can employ to communicate the “what, so what, and now what” in a finished intelligence product.
  • Message refers to the bottom line; what we want to tell the audience and any associated gaps, limitations, or assumptions we are making with it. Will X disproportionately impact a certain industry for the next two years and we should consider shifting our mergers and acquisition (M&A) strategy in-kind? In the early days of the COVID-19 pandemic, as organizations shifted employees to a fully remote workforce, it caused a lot of organizations to move to a business model they hadn’t considered before to include probably not considering commensurate security measures to maintain pace with business enabling IT operations. Using the same series of intelligence questions posed above, we would expect to—and did see—analysts from across several vendors assess that the rather sudden, unplanned shift to a fully remote workforce was likely to drive an uptick in cyber operations, using covid guidance spearphishing lures, capitalize on lax security practices in the short term, and raise the risk for hospital susceptibility to ransomware targeting. In my opinion, those are all very effective messages to put forth, especially at the beginning of the pandemic, as organizations were grappling with whether there would be any cyber security implications associated with the pandemic.
  • Storyline refers to both how to tell the story in a narrative format, but also where we start the story; see frame of reference. If we are talking about an emerging technology that we expect our audience to be unfamiliar with, it will require some time upfront to lay the groundwork, provide a concise primer on what it is, before delving into the implications of it. If we have previously written on the topic before, we have the luxury of picking up where we left off to continue the story, providing a link back to the previous product that contains the foundational elements in it. Irrespective of either, we need to be mindful of the amount of content that can be consumed at any point in time, challenging our ability to pull together a concise report, especially when there is a lot to unpack. One trick I learned during my days in government was to use graphics to represent timelines or to explain how technology works to save a lot of space in these type of reports.

Whether analytic insights are provided in a short form response or using a longer form narrative, a key element to include is its relation to some advancement or innovation that has occurred before. Graphics are an excellent way to convey this type of information on a timeline or creating a compare and contrast graphic. Graphics provide analysts with flexibility to create new mental models, challenge the presentation of an existing approach, or just think creatively and out-of-the-box. So how might we be able to capture broadscale changes in technology platforms and service delivery, shifts in adversary tradecraft, and advancements in cyber security, or perhaps even cyber policy decisions for our leadership team to think through?

One approach could be to create an ecosystem dichotomy outlining the roles and responsibilities for the various players based on type of organization or what product or service it provides. akin to the table below. With this type of an overview guide in place, we could add a layer on top of it, using a well-known industry schema like NIST’s Cybersecurity Framework (CSF) to illustrate specific examples of how these players have historically contributed in the past. While there are other ways to approach the problem, in two graphics—albeit text heavy graphics—we have created a foundational base of knowledge that we can build on for our analysis moving forward. The same could be done for showing the usage of wipers over time, evolution of adversary tradecraft, or expansion of targets beyond a particular set of victims for a campaign, amongst others.

Picture4.png

Figure 4: Illustrative Example of Roles

Picture5.png

Figure 5: Layering Additional Context

Where Do I Go To Glean These Insights?

This is a bit of a chicken or the egg problem. Developing strong critical thinking and problem solving ability is different than gaining an thorough understanding of the cyber threat landscape which is different than proficiency in various cyber security technologies, laws, or policies. While a lot of this can be learnt through self-study and research—and you will likely need to do some of this anyhow—one can shorten the time horizon for knowledge capture by seeking guidance, starting points, and other advice from mentors and other industry peers. Asking about their experiences or their take on a particular topic is another great way to garner their insights as field experts. Analysts, in particular, tend to enjoy pontificating about alternative realities or implications grounded in logic and their experiences.

Conclusion and Path Forward

While there is no magic bullet solution on how to answer a question about emerging technologies and threat trends, this blog series hopefully provided practical guidance on how to frame research and present findings on the topic. In it, we covered concepts designed to improve critical thinking ability and strategic forecasting, examining multi-dimensional effects using systems analytic thinking and frameworks like DIMEFIL/PESTLE. A handful of SATs can help shape our thought process as we work through how we arrived at a particular event, what were the signposts or drivers that got us there, and identifying any indicators we would expect to see. We provided series of questions that analysts may consider using when evaluating an emerging technology or a trend to determine “should I care” and to what extent does this shift status quo.  We concluded by covering key considerations when conceiving and crafting the analytic assessment.

This blog series was designed as a primer to jumpstart analytic skills for junior analysts or those transitioning into CTI from a job area. If you are looking for additional practice beyond the forecasting examples we covered in here, I would encourage you to try to answer each of the questions about intent, capability, and opportunity for some of the other advancements listed in Figure 2. Thanks for taking the time to read this blog series.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Recommended Training

  • ICS515: ICS Visibility, Detection, and Response™
  • LDR514: Security Strategic Planning, Policy, and Leadership™
  • SEC541: Cloud Security Threat Detection™

Tags:
  • Digital Forensics, Incident Response & Threat Hunting

Related Content

Blog
DFIR - Blog - SANS Threat Analysis Rundown in Review- Breaking Down March 2025’s Discussion_340 x 340 (1).jpg
Digital Forensics, Incident Response & Threat Hunting
April 4, 2025
SANS Threat Analysis Rundown in Review: Breaking Down March 2025’s Discussion
Datadog’s Zack Allen joined to share threat intelligence resources and discuss tools and methodologies for analysts.
370x370_katie-nickels.jpg
Katie Nickels
read more
Blog
340x340.png
Digital Forensics, Incident Response & Threat Hunting
January 27, 2025
A Visual Summary of SANS CTI Summit 2025
Check out these graphic recordings created in real-time throughout the event for SANS CTI Summit 2025
No Headshot Available
Alison Kim
read more
Blog
OO - Blog - November 2024's Top Threats_340 x 340.jpg
Digital Forensics, Incident Response & Threat Hunting
November 25, 2024
SANS Threat Analysis Rundown in Review: Breaking Down November 2024’s Top Threats
There’s always plenty of news on cyber threats to discuss, and this month was no exception.
370x370_katie-nickels.jpg
Katie Nickels
read more
  • Company
  • Mission
  • Instructors
  • About
  • FAQ
  • Press
  • Contact Us
  • Careers
  • Policies
  • Training Programs
  • Work Study
  • Academies & Scholarships
  • Public Sector Partnerships
  • Law Enforcement
  • SkillsFuture Singapore
  • Degree Programs
  • Get Involved
  • Join the Community
  • Become an Instructor
  • Become a Sponsor
  • Speak at a Summit
  • Join the CISO Network
  • Award Programs
  • Partner Portal
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
© 2025 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute. Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn