Article

Kristofer Mansson
Kristofer Mansson 9 March 2018

Changing the game on cyber intelligence

Many enterprises rely too heavily on reactive responses to cyber threats. Rather than preparing in advance and anticipating an attack most businesses try and fight back only when it happens but what they don’t realise is if the attack has landed then they have already lost. Here are three tasks all enterprises should undertake in order to get smarter about cybersecurity.

Driven by digital innovation, business operations have undergone a fundamental transformation over the past decade. And as businesses have moved forward, the fundamentals of cybersecurity have followed behind: What are the weak points in my security strategy? Who are the main threats to my operations? Where am I at risk of compromise? As the shift to a digital marketplace has gathered speed, so has the potential for exposure and the price of failing to secure key assets. The Internet of Things (IoT) is of particular concern in this sense, as it threatens to broaden attack surfaces across the board, especially in the industrial space.

Despite an ever-evolving threat landscape, many organisations remain fundamentally reactive, responding at the point of compromise rather than leveraging real-time intelligence to profile threats as they develop. This is unsustainable. By 2020 it is expected that 25% of cyberattacks will target IoT devices, many of which will be deployed across critical industrial environments. Data breaches have also increased year on year, and the total cost of cybercrime is set to exceed $6 trillion per annum by 2021. The time has come for the old approach to change. The requisite experience, knowledge and solutions now exist for cyber threat intelligence to ‘change the game’.  Here’s how: 

Shift the mindset and expand the viewpoint 

The first step is to switch from a reactive stance to a proactive approach. Playing catch-up is always a sub-optimal outcome, not least because it leaves barely any resources for planning, meaning that the next big problem is often a surprise. To build on an existing security posture it’s vital to stay up-to-date, profile potential threats and evolve processes and strategies pre-emptively. While cyber vendors are often questioned and tested on their ability to deliver ‘actionable intelligence’, the reality is that many organisations don’t have any processes in place to action intelligence. Evolving intelligence needs cannot be met by the important but insufficient practice of simply adding malicious IP-addresses and other indicators of compromise to a SIEM-system or a TIP.  The need for a more holistic approach to threat intelligence, beyond the technical parameters, is widely accepted, yet the traditional IT security industry is struggling to meet demand because they have hardly any experience speaking to the “why?” behind an attack. Finding unstructured insights in social media, paste sites, forums and similar sources from both the surface web and deep/dark web requires companies to turn to different intelligence solutions that are complementary to their existing threat intelligence tools.

Use the data that’s there 

Excluding certain, specialised sources, access to data has never been easier. From a security perspective this is both a good thing and a serious concern. An openly available report on a vulnerability today could be leveraged to create the exploit of choice tomorrow, while a single, misplaced password or private key can lead to a devastating breach and huge losses. There is, however, also great potential for spotting emergent threats and transcending the catch-up game that consumes the time of analysts and researchers. The key is to recognise that intelligence is as likely to come from soft data as it is from structured threat information. Making the most of open sources involves processing the data, understanding its relevance to a certain use-case, and then acting on those findings before others do.  

Support human analysis with automation 

A 2018 SANS survey on the use of cyber threat intelligence noted that, as expected, most organisations are using a wide variety of external data sources, including public feeds, information sharing groups and security vendor reporting. More and more organisations are also recognising that broad attacker trends (76%) and information on vulnerability exploitation (79%) are essential for maintaining situational awareness. However, much of the analysis and intelligence ‘fusion’ taking place is still done manually, with a shortage of skills acting as a major impediment to properly utilising cyber threat intelligence. IOC feeds aren’t enough anymore; if the problem is context, the solution is people, and automation, because collecting, processing and reporting on the amount of data in question is simply not human-scalable. Especially when it needs to be done at pace. Furthermore, not all organisations are looking for the same kind of intelligence. In our modern, interconnected world, cybersecurity concerns blend seamlessly into reputational risk and physical security. With no one-size-fits all solution, customisability is king and analysts need a tool that allows them to decide what kind of intelligence will enhance and protect their businesses.  

This is what we mean by "changing the game"; altering an existing approach, based on appropriate investment in available technology and utilisation of existing resources. Intelligence platforms do the heavy lifting required to process, slice and visualise massive quantities of data in short order, allowing analysts to create contextually relevant and timely intelligence on a case-by-case basis. The truth is that cyber threats cannot be eliminated - but they can be mitigated, provided that the information is out there, and someone is looking. ​

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
Top 10 B2B Platforms to Help your Business Grow Worldwide

Top 10 B2B Platforms to Help your Business Grow Worldwide

Although the trend of a Business to Business portal is not new but the evolution of technology has indeed changed the way they function. Additional digital trading features and branding has taken the place of...

Salman Sharif
Salman Sharif 7 July 2017
Read more
The Key Differences Between Machine Learning and AI

The Key Differences Between Machine Learning and AI

You’ve probably heard about “machine learning” and “artificial intelligence”. But what’s the difference between the two? We break down everything you need to know.

Anna Kucirkova
Anna Kucirkova 10 September 2018
Read more
What Marketing Content Do Different Age Groups like to Consume?

What Marketing Content Do Different Age Groups like to Consume?

Today marketers have a wide choice of different content types to create; from video to blogs, from memes to whitepapers. But which types of content are most suitable for different age groups?

Lisa Curry
Lisa Curry 21 October 2016
Read more