Part 1: Cyber Threat Intelligence—Do You Have A Strategic Approach?

Attackers and their methods are evolving and your security approach should be too. In Part 1, we talk about the first aspect of your two-part plan: the strategy.

The exponential growth of data, the sheer number of connected devices, and evolution of third-party enterprise applications and services, while helpful, expose businesses to a greater risk of cyber attack.

In addition to personal computers, internet of things (IoT) devices and cloud applications are ubiquitous in this digital enterprise environment. To stay secure, businesses need robust cyber threat intelligence (CTI) solutions to stay proactive:

“The passive approach of logging, monitoring and alerting is rapidly being replaced with a more proactive approach. Security operations, automation, analytics and incident response as an integrated platform is the way to go,” explains Gaurav Pal, CEO and Founder of stackARMOR.

These CTI solutions come in many forms, like host-based-intrusion detection (HID), focused on operating systems, local devices and network-based intrusion detection (NID).

No matter the solution, every business needs to be adequately protected. Being almost protected by using antiquated CTI tools will no longer be enough because cyber attacks are becoming more and more sophisticated. Your efforts must evolve along with the dangers.

The good news is that there are also many solutions to combat threats within your organization, but only the right business strategy combined with the right technology tools will do the job.

Every enterprise cyber threat intelligence plan should include two components:

1. Strategic
2. Technical

The strategic component is focused on your business needs, leadership and human error, while the technical component deals with the information technology infrastructure; the tools, software, hardware and network systems needed to implement the strategy. Today, we’re tackling the first step: strategy.

Start With the Leaders

Building a strong cyber threat intelligence infrastructure for your business begins with your people; the leadership as well as the employees. The success of the strategy depends on buy-in from the top down.

The Wall Street Journal published a list of questions executives and organization leaders should consider when developing their cybersecurity strategy. Ask yourself:

1. Is there someone on the board who serves as an IT expert and understands cyber risks?
2. Does the company have cyber insurance?
3. Is there a committee assigned to address cybersecurity?
4. Does the company have a chief security officer who reports outside of the IT organization?
5. Is social media a concern for the company?
6. Do the outsourced providers and contractors have controls and policies in place and do they align with the company’s expectations?
7. Is there an annual company-wide education or awareness campaign established around cybersecurity?

The Deloitte Risk and Financial Advisory team highlights that organizations that view cybersecurity reporting and cyber risk management as an opportunity can use it to lead, navigate, and even disrupt in the ever-evolving world of cybersecurity, especially within their own industry. This is an opportunity for corporate leaders to be proactive and stay on top of these increasingly complex cyber threats, and there are two steps to get started:

• Develop a proactive and pragmatic approach to cyber risk management.
• Create better standards and independent scrutiny for increased transparency within your organization.

Develop a Cybersecurity Culture

It’s important to establish a culture of cybersecurity awareness within the company. In doing so, you nurture a mindset of security as a priority among employees, which will enable the business and technology strategies to be effective. Remember, your cybersecurity is only as strong as your weakest link — your employees.

There are a number of ways to instill the importance of security in your employees and ensure they’re maintaining best practices. One of the easiest to implement is requiring two-factor authentication (2FA) on any device or program your employees use, including applications like Slack, Google Drive, GitHub and Dropbox. There are a number of 2FA options, and the PolySwarm CTO recommends the following, in order of best to worst:

1. An app on your phone that doesn’t sync your secrets anywhere (e.g. Google authenticator)
2. An app on your phone that does sync (e.g. Authy)
3. Email based
4. SMS based

At PolySwarm, employees are required to enable 2FA authentication on all applications and devices used for work. The IT team not only reminds us, but also verifies it, which means accountability is important on both sides: leadership and employees.

Other ways to develop a culture of security within your business include:

• Host in-office cybersecurity training
• Identify “security champions” to motivate and onboard others
• Encourage awareness; use mistakes as a teachable moment

Look for Insider Threats

Insiders (current or former employees, contractors or business partners who have access to company’s data or devices) can present a challenge to your organization’s cyber threat intelligence strategy. This insider threat often results in:

• Theft of intellectual property (patents, copyrights, trademark)
• IT sabotage or compromise
• Fraud and abuse of company assets

It may seem like an unlikely issue for your business, but consider the following statistics from the the 2017/18 Kroll Annual Global Fraud and Risk Report:

The first step to avoid insider risks is detecting them before they happen. Carnegie Mellon University CERT Insider Threat Center’s Fifth Edition shares tips for preventing, detecting, and responding to insider threats:

Execute Your Strategy

When it comes to the execution of your cyber threat intelligence strategy, it’s important to assess potential roadblocks that could delay or derail the implementation. Following are the top inhibitors reported by the SANS Institute 2018 Cyber Threat Intelligence survey to consider for your CTI strategy:

A cyber threat intelligence strategy is neither a once-and-done nor a linear endeavor. It’s a continuous and iterative process. Everybody within the company, from the executives to the employees, need to do their share to reduce and mitigate cyber threats, staying aware of potential dangers and reporting and modifying the process as necessary.

Looking Ahead: It’s Time to Find the Right Technology

In Part 2 of this series, we’ll address the technical component of cyber threat intelligence and cover topics such as interoperability, breadth of security coverage, real-time monitoring and threat intelligence feeds.

Follow us on Medium and Subscribe to our newsletter so you don’t miss Part 2!