Knowing Is Half The Battle

Ronald Buglione, Director, Cybersecurity, Cox Automotive

In this day and age, it’s a cliché to state that cybersecurity threats are growing and changing. Sarcastically put, no kidding! Daily, we read about new threat actors, new hacking techniques, and new ways cybercriminals increase risks to our organizations. Current technologies and infrastructures with complex and disparate environments and processes give bad actors a smorgasbord of opportunities to fulfill their criminal objectives. As cybersecurity threats grow in many shapes and forms, we security professionals need to formulate strategies to combat threats, all to stay ahead in the cat-and-mouse game between us and the bad actors.

Security professionals often find themselves on the defense, flat-footed, waiting for the next big announcement surrounding a new cybersecurity threat that materializes risk to their organizations.

How do we better prepare and stay ahead of the proverbial cat-and-mouse game, prepare for the inevitable bad news of an impactful cyber-attack, all while being as preventative as possible to protect our organizations? We security professionals need to leverage and strategize threat intelligence, which can help better prepare us and our stakeholders for the current landscape and uncharted territory ahead. Simply put, cyber threat intelligence is collected and refined information that provides insights into credible cybersecurity threats. 

Effectively applying and using threat intelligence can help reduce the risk and effectiveness of threats while providing a glimpse into the future and aiding us in being proactive

Staying current on daily security news, learning the threat flavor of the day, week or infinity, learning about the latest critical (patch now) vulnerability being exploited in the wild, or learning about the latest breach of a third-party supplier are all examples of day-to-day operational Threat Intelligence. Operational Threat Intelligence helps a broad range of organizational stakeholders and security professionals adapt to everchanging security threats, which aids them in preparing and nimbly defending against threats to their organization and business model.

“Security professionals often find themselves on the defense, flat-footed, waiting for the next big announcement surrounding a new cybersecurity threat that materializes risk to their organizations”

Staying educated and curating deeper technical details about threats, i.e., cyber-criminal gangs and their threat tactics, techniques, procedures, motives and objectives, along with any other intelligence to identify and fingerprint them, are good examples of tactical threat intelligence. Tactical threat intelligence is geared towards technical audiences, such as security operations personnel and cyber defenders. It plays a critical role in day-to-day operations to protect and defend against threats. Both operational and tactical threat intelligence help us deal with the bad news as it comes, help prepare us for better defense and have their place to help predict the future of threats. Trending operational and tactical threat intelligence (quarter after quarter/year after year) helps us potentially predict the future of threats through patterns and helps give us that crystal ball we are all desperately seeking. It is important to note that operational and tactical threat intelligence both feed and support Strategic threat intelligence; both areas provide tangible intelligence points to help steer longer-term security strategy.

Strategic threat intelligence is higher-level information best consumed by decision-makers and corporate management. Based on strategic threat intelligence, decision-makers can understand the threats to their organization, which areas of security to invest in, prioritize which security controls to implement, assess organizational risks, define threat landscapes to their business, and align security strategy to the overall business strategy. Strategic threat intelligence helps steer long-term security strategies, objectives, and decisions

To ensure an effective strategy around threat intelligence, it is critical that threat intelligence in all areas is collected, communicated, and appropriately actioned. Collecting operational, tactical and strategic threat intelligence is rather trivial to establish and attain. There are many ways this can be achieved; this might be the easy part. The key is to ensure the intelligence is properly communicated and falls into the laps of the correct stakeholders. Once collection and effective communication processes are established, the next step is for stakeholders to take action on the threat intelligence. It is imperative the respective stakeholders make use of the intelligence in their battle against current and evolving threats. If threat intelligence is not being properly consumed, not being distributed/ shared with the proper stakeholders, or actioned, there will be a breakdown in its effectiveness, hence leading to intelligence failures and opportunities for threats to flourish.

Cyber threat intelligence is a primary pillar supporting all cybersecurity functions of organizations. When dealing with current and future threats, it is imperative to create a robust and enforceable threat intelligence strategy at multiple levels to help reduce risk to our organizations. In closing, we do our best to prepare, prevent, and predict cyber threats against our organizations and as the saying goes, “knowing is half the battle.”