There are two facts about how cybersecurity incidents have progressed in the last year that are hard not to notice and that businesses, especially ones at the enterprise level, can’t ignore.
The first is that the costs of data breaches are really starting to add up for enterprises, not just in terms of stolen financial data, but in terms of brand damage and (perhaps most disturbingly for businesses) legal fallout.
The second is that the threats themselves are evolving. They are more intentionally targeted, with hackers implementing carefully crafted and managed Advanced Persistent Threats (APTs) to extract data from enterprises, and with malware being used to steal data that are more personal, for reasons that extend beyond just racking up fraudulent credit transactions.
Industry leaders are touting cyber threat intelligence as the way that the proliferation of these sorts of threats can be headed off. But as with any security solution, there is a right way to implement it and a wrong way. What separates a cyber threat intelligence program that works from one that still lets threats slip through the cracks? Here are a few tips for implementing an expert threat intelligence program that will do more than pay lip service to combating the rising tide of cybersecurity threats.
1. Implement Data from Relevant Sources
One of the great pluses of threat intelligence is that it allows enterprises to assess risk and move accordingly. If an enterprise operates in a certain sector of the financial services industry, and there has been a surge in malware targeted at extracting data from that type of institution, that is a critical piece of intelligence that an enterprise will need to act on. Likewise, if the malware targeting these enterprises is operating in a certain fashion, or if the attacks are being facilitated by a particular kind of phishing scam, that is critical intelligence for an enterprise to have. It’s easy to see how collecting this granular, relevant information can help stop cyber-attacks, and thus why sources of intelligence that pertain directly to an industry, its needs, and its overall threat profile are a crucial part of an expert threat intelligence program.
2. Take Advantage of Cross-Enterprise Information Sharing
Enterprises have been trained to be cagey about sharing information given the centrality of trade secrets in the world of business. But when it comes to cybersecurity, cross-enterprise information sharing is a necessity. If an enterprise in a given space has been the victim of an attack, knowing that it happened and understanding the mechanics of the attack can help every other enterprise in the space stay safe. There are even some software solutions that aggregate this sort of information in real time from all the enterprises with the solution installed—an important technological adaptation that we will no doubt see more of as threat intelligence matures as a security solution.
3. Give IT Staff the Authority to Act
The automated implementation of threat intelligence from a technological solution as discussed above may sound like a revisiting of the perimeter security paradigm. But no matter how good a technological solution is, the real power of digital threat intelligence is on the human side. It’s in the ability of staff to act on alerts, apply solutions, and implement rules based on what the data indicate may be a concern.
For instance, if there is a zero-day exploit that shows up targeting a particular piece of software or website, this information should appear through an intelligence feed. But if an enterprise’s IT staff does not have the authority to prevent employees from using that software or visiting that website until the threat is patched or otherwise addressed, the intelligence does nothing—the enterprise is still susceptible to the threat.
These examples indicate that, at the end of the day, industry-specific intelligence shared between enterprises and acted on by empowered IT staff is the key to making an expert cyber threat intelligence program work.
What ways have you seen enterprises successfully implement an expert cyber threat intelligence program?