Return to site

Threat Intelligence Ensures Effective Security of Cyber Data

· Threat Intelligence,Cyber Security,Data Protection,Information Security,Data Security

The evolution of technology has brought about radical changes in today’s world. Be it the rise of new industries, structured work processes, skill set requirement and, in general, the definition of success.

Organisations are competing on a massive scale and are in a continuous process to sustain in the market. They also strive hard to exceed their competitors in terms of deliverables, growth and revenue. However, constant progress is only possible with an environment that provides maximum opportunities and minimizes threats.

On one hand, companies face internal threats comprising incompetent resources, weak change management or instability in the organisational culture. Not only this, there are external threats including market competition, fluctuating economic conditions or simply cyber security.

This proves the need for organisations and businesses to take strong measure to stay protected from all sorts of cyber-crime. This may include data theft and manipulation of information by external factors.

Threat Intelligence and the Chronicles of Cyber Crime

Did you know that according to Verizon’s 2015 DBIR, a financial loss of $400 million was estimated from 700 million compromised records? This resulted from a whopping number of 79,790 security breach episodes.

To develop such a strong shield requires organisations to stay alert regarding potential threats, recognizing their patterns as well as ways to resolve them before they are a source of damage.

Threat Intelligence Ensures Effective Security of Cyber Data

This process is termed as “Threat Intelligence (TI)” or “Cyber Threat Intelligence (CTI)”. It entails an organized approach towards the acquisition, retention and analysis of information regarding existing or potential threats to the organisation.

Levi Gundert is the Vice President of Threat Intelligence at Recorded Future. Gundert defines TI in two interdependent categories: Operational and Strategic.

Operational intelligence is created by computers including identifying data and collecting it by analysis. Strategic intelligence, however, is done by human analysts and embodies a more complex procedure. So, it involves the recognition and investigation of an organisation’s assets, such as infrastructure, work force, clients and vendors. [3]

It is no surprise that there has been an exponential rise in the threat intelligence security services spending globally between 2009 and 2019. In 2018, this spending has been forecast to 1461.2 million U.S. dollars. [4]

So, How can Threat Intelligence (TI) Help?

Simply put, TI can help organisations recognize and overcome important issues that may include:

  • Staying updated on the ever increasing information on security threats e.g. potential targets, methodologies and possible vulnerabilities.
  • Being proactive in devising solutions for possible threats to your organisation with reference to the organisation’s potential areas to threat.
  • Informing organisational leaders and keeping them aware about the existing dangers and possible repercussions of different security threats.

Sources and Implementation

Despite the criticality of TI, organisations face many obstacles and problems in implementing an effective system for cyber security.

In a 2017 survey by SANS, 53% respondents termed lack of trained staff and skill set as the most significant obstacles to an efficient CTI program. In the same survey, 50% organisations cited lack of funding as a major hindrance whereas 42% considered limited time as a prominent factor. [5]

Matt Bromiley, the author of SANS white paper “Threat Intelligence: What It Is, and How to Use It effectively”, claims that the sources of intelligence play an important role in improving an organisation’s ability to stay secure with TI. Bromiley categorizes sources for TI as Internal and External.

Internal sources encompass data points and information from within the organisation. Malware infections and other similar issues experienced on a daily basis.

These issues may seem random and irrespective of each other, however, these may prove to be a good source for analysts to organize the seemingly incoherent pattern into potential information. This also enables organisations to convert unrelated incidents into “enterprise intelligence”.

Bromiley highlights the following steps for implementing and utilizing an efficient Threat Intelligence solution: [2]

Defining TI:

This is the process of how thereat intelligence (TI) is perceived and defined with reference to the corresponding organisation, all the while setting realistic and appropriate expectations.

Sourcing TI:

Sourcing TI involves making the best of internal as well as external sources to meet the requirements of the organisational.

Making TI Actionable:

This is a critical part that encompasses more than just collecting data points. Instead, it focuses on how to effectively implement intelligence findings throughout the organisation.

By following these steps, organisations can more effectively plan out their requirements and implement a TI program, accordingly.

What factors does your organisation take into account in designing and creating its Threat Intelligence mechanism? Share your thoughts with us in the comments below.

References:

  1. https://thehackernews.com/2015/11/what-is-cyber-threat-intelligence.htm
  2. https://www.sans.org/reading-room/whitepapers/analyst/threat-intelligence-is-effectively- 37282
  3. https://www.recordedfuture.com/levi-gundert-interview/
  4. https://www.statista.com/statistics/417588/threat-intelligence-security-severices-spending- worldwide/
  5. https://www.sans.org/reading-room/whitepapers/threats/cyber-threat-intelligence-uses- successes-failures-2017-cti-survey-37677