Article

Kristofer Mansson
Kristofer Mansson 9 March 2018

Changing the game on cyber intelligence

Many enterprises rely too heavily on reactive responses to cyber threats. Rather than preparing in advance and anticipating an attack most businesses try and fight back only when it happens but what they don’t realise is if the attack has landed then they have already lost. Here are three tasks all enterprises should undertake in order to get smarter about cybersecurity.

Driven by digital innovation, business operations have undergone a fundamental transformation over the past decade. And as businesses have moved forward, the fundamentals of cybersecurity have followed behind: What are the weak points in my security strategy? Who are the main threats to my operations? Where am I at risk of compromise? As the shift to a digital marketplace has gathered speed, so has the potential for exposure and the price of failing to secure key assets. The Internet of Things (IoT) is of particular concern in this sense, as it threatens to broaden attack surfaces across the board, especially in the industrial space.

Despite an ever-evolving threat landscape, many organisations remain fundamentally reactive, responding at the point of compromise rather than leveraging real-time intelligence to profile threats as they develop. This is unsustainable. By 2020 it is expected that 25% of cyberattacks will target IoT devices, many of which will be deployed across critical industrial environments. Data breaches have also increased year on year, and the total cost of cybercrime is set to exceed $6 trillion per annum by 2021. The time has come for the old approach to change. The requisite experience, knowledge and solutions now exist for cyber threat intelligence to ‘change the game’.  Here’s how: 

Shift the mindset and expand the viewpoint 

The first step is to switch from a reactive stance to a proactive approach. Playing catch-up is always a sub-optimal outcome, not least because it leaves barely any resources for planning, meaning that the next big problem is often a surprise. To build on an existing security posture it’s vital to stay up-to-date, profile potential threats and evolve processes and strategies pre-emptively. While cyber vendors are often questioned and tested on their ability to deliver ‘actionable intelligence’, the reality is that many organisations don’t have any processes in place to action intelligence. Evolving intelligence needs cannot be met by the important but insufficient practice of simply adding malicious IP-addresses and other indicators of compromise to a SIEM-system or a TIP.  The need for a more holistic approach to threat intelligence, beyond the technical parameters, is widely accepted, yet the traditional IT security industry is struggling to meet demand because they have hardly any experience speaking to the “why?” behind an attack. Finding unstructured insights in social media, paste sites, forums and similar sources from both the surface web and deep/dark web requires companies to turn to different intelligence solutions that are complementary to their existing threat intelligence tools.

Use the data that’s there 

Excluding certain, specialised sources, access to data has never been easier. From a security perspective this is both a good thing and a serious concern. An openly available report on a vulnerability today could be leveraged to create the exploit of choice tomorrow, while a single, misplaced password or private key can lead to a devastating breach and huge losses. There is, however, also great potential for spotting emergent threats and transcending the catch-up game that consumes the time of analysts and researchers. The key is to recognise that intelligence is as likely to come from soft data as it is from structured threat information. Making the most of open sources involves processing the data, understanding its relevance to a certain use-case, and then acting on those findings before others do.  

Support human analysis with automation 

A 2018 SANS survey on the use of cyber threat intelligence noted that, as expected, most organisations are using a wide variety of external data sources, including public feeds, information sharing groups and security vendor reporting. More and more organisations are also recognising that broad attacker trends (76%) and information on vulnerability exploitation (79%) are essential for maintaining situational awareness. However, much of the analysis and intelligence ‘fusion’ taking place is still done manually, with a shortage of skills acting as a major impediment to properly utilising cyber threat intelligence. IOC feeds aren’t enough anymore; if the problem is context, the solution is people, and automation, because collecting, processing and reporting on the amount of data in question is simply not human-scalable. Especially when it needs to be done at pace. Furthermore, not all organisations are looking for the same kind of intelligence. In our modern, interconnected world, cybersecurity concerns blend seamlessly into reputational risk and physical security. With no one-size-fits all solution, customisability is king and analysts need a tool that allows them to decide what kind of intelligence will enhance and protect their businesses.  

This is what we mean by "changing the game"; altering an existing approach, based on appropriate investment in available technology and utilisation of existing resources. Intelligence platforms do the heavy lifting required to process, slice and visualise massive quantities of data in short order, allowing analysts to create contextually relevant and timely intelligence on a case-by-case basis. The truth is that cyber threats cannot be eliminated - but they can be mitigated, provided that the information is out there, and someone is looking. ​

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
McDonald's: the History and Evolution of a Famous Logo

McDonald's: the History and Evolution of a Famous Logo

McDonald's logo is one of the most recognizable in the world. What does the logo of this brand mean, how did it evolve and what is the secret to the success of McDonald’s fast food network?

Anna Kuznetsova
Anna Kuznetsova 24 October 2019
Read more
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

Whether you're a startup or an established business, the company website is an essential element of your digital marketing strategy. The most effective sites are continually nurtured and developed in line with...

Digital Doughnut Contributor
Digital Doughnut Contributor 7 January 2020
Read more
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
The Unintended Consequences of Brand Building on Social Media

The Unintended Consequences of Brand Building on Social Media

The rise of social media and digital connectivity in our daily lives has necessitated brands to establish a strong online presence, often relying on image-based social media platforms to engage with customers and...

Rob Sewell
Rob Sewell 9 February 2024
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more