Blog

6 Steps to Improve Your Threat Intelligence Platform

Cyber threats can come in many forms and shapes. From phishing attacks, social engineering and worms, to APTs - just to name a few - your company should be on constant lookout for those cyber threats and ways to prevent them. Otherwise, the impact on your finances and reputation with customers and shareholders may prove to be too much.

This is why your company needs to have a solid threat intelligence platform in place. With it, you can have at least some peace of mind when it comes to cyber threats that lurk around the online and offline world (remember, not all such attacks come from the Internet).

However, the fact that just because you have one doesn’t mean you get to rest easy. Cyber attackers and hackers are nothing if they are not a creative and persistent bunch constantly leveling up their game. Their attacks are getting more sophisticated and subtle. In fact, according to Navigant’s Cyber Threat Intelligence Report Q1 2017 as many as 73% of IT security professionals in critical industries said their organization had suffered a breach. The only way to oppose them and protect your company is to level up your game as well.

Here are 6 steps you need to take to make your threat intelligence platform better and ready for new cyber threats:

1. Educate Your Employees and Management about Cyber Security

Threat intelligence isn’t just the job of CISOs and security analysts. If others in your organization, both below and above you, don’t realize why it is important to act on it, your threat intelligence model won’t mean very much.

What many forget is that threats come not just from the outside, but from the inside of the organization as well. Employees’ mistakes and negligence can be just as (and often more) destructive to your data as outside threats by hackers, which is why you need to educate employees on these threats. This can be from as simple as “don’t open suspicious attachments from your work station” to ensuring that they understand and follow established company security practices.

As for managers and C-level suites, what you need to do is to breach the knowledge gap. CEOs, CFOs and other C-level executives don’t understand when you talk to them about Man-in-the Middle attacks or Drive-by Downloads, but they will understand very well when you explain it to them and show raw numbers demonstrating how this can impact their budget.

2. Mix Passive and Active Threat Intelligence Gathering

There are three ways to accumulate threat intelligence, two passive and one active. They are:

• Open Source Intelligence (OSINT), which includes gathering publicly available data and information (books, Internet, TV, newspapers etc).
• Signal Intelligence (SIGINT), or monitoring signals that come directly to your network.
• Human Intelligence (HUMINT), in other words, using humans as threat intelligence sources.

Most organizations rely on OSINT. This makes sense as it is freely available; there are many great TI platforms to choose from, which offers, for the most part, good results. However, what these companies and their security analysts fail to see is that OSINT doesn’t provide them with enough intelligence to spot threats that apply to their organization specifically.

Whereas OSINT and SIGINT are both passive intelligence gathering, HUMINT is more active, but the problem is that many organizations don’t have the resources to invest in it. However, that’s not necessarily much of a problem. The Internet is full of valuable information from other people and you just need to collect and disseminate it in a way that will help your organization.

3. Use the Right Threat Intelligence Tools

Threat intelligence analysis usually starts small, with an in-house data security team. But, as the organization grows and threats become bigger and more serious, such approach is no longer enough and it becomes necessary to grow their threat intelligence model.

Your IT team can quickly get bogged down in collecting, analyzing or identifying threats that they don’t have time to respond when the attack actually happens. To make life easier for them and to be extra safe, you need to take advantage of the right threat intelligence tools, like Threat Intelligence Platform or FireEye.

4. Think about Macro and Micro Trends

If your organization is to avoid a data breach, you need to pay attention to both macro and micro threat trends. Just one micro breach can be enough to have even a large company on its knees.

By keeping an eye on macro trends and not just the current cyber threat landscape, you can put your IT security team and the entire company in a good position to identify and adequately respond to micro trends as well.

One doesn’t go without the other. Focus only on micro and you are left vulnerable to macro trends, turn all your attention to macro trends and you expose yourself to micro ones.

5. Act the Data You’ve Accumulated

So, congratulations, you’ve gathered your threat intelligence data. The question now is what are you going to do with this data? How are you going to act on it?

Can you do that at all? If you can’t act on the data, why collect it in the first place? Threat intelligence data won’t help you much if it cannot be acted on.

Organizations must decide for themselves if and how they will respond to what the data is telling them. If they don’t have the resources to do anything about it, perhaps they would be better off focusing their time and budget on incident response. At least until they grow confident enough to actually act on threat intelligence data.

6. Share and Let Others Share for You

Financial and health institutions, in particular, have a responsibility to share the information they’ve gathered with other parties. This includes other financial and health institutions, law enforcement and others. Not only are they regulatorily obligated to do so, but this way they also help others be more proactive when responding to cyber threats themselves.

Of course, one could argue that it is not a good idea to share everything with your competition. And it’s not, which is why you need to appoint a person in charge of communicating with external parties, and that person needs to know to what level they can share information.

At the same time, while you’re sharing threat intelligence data with others and warning them of possible threats coming their way, you should keep an eye on industry resources and information-sharing forums as well. Your company is not operating in a vacuum, and forums like these are a good place to learn about the recent threats, where they come from and how they can affect your business.

Conclusion

Threat intelligence is not something you can set and forget. No organization’s threat intelligence platform, including yours, is fool-proof and threat overload is a serious problem for any industry. An infographic by Anomali illustrates this perfectly as, according to it, 70% of organizations say they are swamped with cyber threat data.

Thankfully, there are ways to improve your threat intelligence model, like those 6 steps we’ve shown here. The only thing you need to do is act on them.