Threat Scope Maturity: A Look at History

In threat scope maturity, the most important aspect is a consistent, repeatable, structured approach that addresses basic threats before pivoting to refined threats.

Housing Evolution Example

The threat scope maturity for housing humans has had several significant phases; here are some of them. At some point in history humans lived in caves. This was in response to the incredible risk presented by predators and the natural environment. As the risk from predators became more manageable and less significant, humans refocused their concerns and started building dwellings. These dwellings focused on protecting them from inclement weather and from humans of other cultures. Once other cultures no longer presented significant threats (from war, pillaging, enslavement, or other such issues), housing became focused on amenities. Amenities such as electricity and plumbing were cornerstones of this phase. In the recent past and at present, housing has focused on the health issues related to specific materials and environmental concerns in homes. Examples of this are asbestos, radon, mold, lead, and air quality concerns. As the threats were identified, managed, and reduced, the threat scope was refined to refocus on the unmanaged threats.

Threat Scope Evolution in Cybersecurity

Early Era Threat Scope Maturity

When cybersecurity was cowering in a cave, scared of the sun, moon, stars, beasts, and fish, only the biggest threats were identified. These threats included (but were not limited to) things like:
• Unsophisticated entities gaining access because passwords were not used or were publicly shared and posted.
• A disgruntled employee deleting everything (because employees had full access to everything and no back-ups existed).
• Competitors walking into the office unchallenged and leaving with confidential files or a whole server.

These threats were very basic and now seem like they were very easy to overcome; however, at the time they were real possibilities that actually happened. As these types of basic threats were thoughtfully mitigated, cybersecurity matured its threat scope.

Mid Era Threat Scope Maturity

As cybersecurity moved out of caves and into homes, it began focusing on inclement weather. Some of the threats in this phase included:
• Attackers who perform denial-of-service attacks.
• Threats defacing websites for bragging rights.
• Adversaries using network resources (pirating them for unauthorized uses or stealing internal data).

As these low-maturity threats were fully enumerated, cybersecurity developed boundary protection. This era of cybersecurity focused on keeping the outside out, without much internal or advanced security. Thus, the threat scope matured and the focus shifted to amenities.

Recent Era Threat Scope Maturity

As cybersecurity managed to house itself in a way that mitigated the threats of external storms, the focus was retrained on internal threats and amenities. Examples of some of the threats of concern in this era included (but were not limited to):
• Attackers who managed to bypass border protections.
• Adversaries that tried to circumvent or remove audit logs and/or trails.
• Threats attempting to alter live and back-up data (data integrity concerns).

This era was characterized by defense-in-depth tactics and techniques. As this era evolved, the threats were enumerated (and continue to be enumerated), and defenders became overwhelmed by the volume of threats, cybersecurity matured yet again.

Current Era Threat Scope Maturity

The current era of cybersecurity is characterized by the zero-trust architecture and by mitigating fine-grained architectural and environmental threats. Threats of focus in this era may include (but are not limited to):
• Attackers overtaking a legitimate personally owned device to gain access.
• Adversaries embedding themselves in organizations through hiring, bribery, blackmail, extortion, or other activities.
• Threats poisoning the supply chain.
• Attackers that leverage email compromises to use a legitimate internal email to quietly compromise all other user accounts.
• Operating system level protocol and process weaknesses.

As this era continues to mature, it too will be refined, and the threat scope will again be retrained on finer-grained threats. For now, the zero-trust architecture is viewed as the most advanced and mature level of cybersecurity threat scope maturity that is widely disseminated and available.

Conclusions

Threat scoping requires continual evolution and refinement to provide maximum benefit. As such, earlier eras of evolution must typically be fully implemented before later eras can be addressed. An example of this would be ensuring credentials are required for access before ensuring phishing emails are blocked. When it comes to threat scope maturity, the most important aspect is ensuring a consistent, repeatable, structured approach is used to address the most impactful threats before pivoting to mitigating refined threats.