Cybercrime is one of the fastest growing industries in the world. With news of some new cyber-attack nearly daily, the estimated cost to the global economy is about $400 billion dollars. Plenty of data exists, with literally millions of internet and dark web forums and discussions. Given the abundance of data, you’d think there wouldn’t be so many successful attacks. Well, that’s the difference between information and intelligence.
Cyber Threat Intelligence (CTI)
Information is just data. No context. Often intentionally false, misleading or unreliably sourced.
A good definition of threat intelligence is Gartner’s: “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
Actionable attack intelligence is data that has gone through tiers of evaluation: from data gathering (often automated), to refinement, cross-evaluating/cross-referencing, and, generally, human evaluation. Only after standing up to these tiers can information become knowledge and knowledge be acted-upon with wisdom. Only at that point do you have actionable intelligence.
What You Can Do
Given the scope of the global cyber security threat, what can you do to have access to actionable intelligence and protect your business resources?
- Educate — Just by reading this you have started the first step. The truth is, it is not a question anymore if your organization will face a cyber-threat, simply a matter of when, perhaps also a question of how often. Nearly all business data has a value on the cyber black market, and broad-based attacks indiscriminately attack all computers with an internet connection if they can gain access. So find out what the latest threats are. Find out what the best security tools available are. Find out what to teach your employees and what to monitor internally, since an estimated 80 million attacks occur internally each year.
- Collaborate — The scope of the threat is too vast for any singular organization to be solely responsible for CTI. In recognition of this fact, even the largest security organizations are banding together for the purposes of collaboration. Join the conversation. Hewlett Packard Enterprise created Threat Central. Cyber Threat Alliance was co-founded by Fortinet, Intel Security and Palo Alto Networks. The United States government jumped on board with a Cyber Threat Intelligence Integration Center. You can either join the community of cyber security, or have a service that can peer source from such alliances.
- Formulate — After you’ve done your information gathering through the previous two steps, you need to set goals, a plan and priorities for your organization. If you don’t already have a corporate cyber security plan, formulate one. If you have not already organized staff cyber security training, prioritize it and incorporate it into your annual training plan as thoroughly as you do fire drills and PPE (personal protective equipment) training, or whatever else your required training includes. Working with a cyber-security professional team you can set organizational goals for proactively maintaining the integrity of your digital data.
Two Things You Must Also be Sure Not to Do
- Don’t trust everything you read labeled “cyber intelligence.” Now that you know the difference between information and intelligence, look for the tiers of evaluation and actionable intelligence over the ubiquitous CTI label. Cyber intelligence services should simply go through due diligence and a scope of such services laid out transparently in terms of depth and uniqueness.
- Whatever you do, don’t panic. Sun Tzu is credited as having said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Even while the international hacker community collaborates for your business’ data, your growing body of knowledge and preparation, coupled with sound policy, stands the best chance of protecting your data resources.