Why threat intelligence should be on every enterprise’s radar


 

By Mark Ward, Group Chief Information Security Officer (G-CISO) at Provident Financial Group incorporating Vanquis Bank

 

Thanks to a string of high-profile incidents over the last two years, cyber security has rarely been more visible as a business priority. A more negative side effect of this high profile is a tendency for companies to get caught up in the latest threat instead of thinking strategically.

We saw this last year with the very public outbreaks of WannaCry and NotPetya, when many companies rushed out to invest in anti-ransomware solutions rather than in the basic good practice that would have prevented the damage.

 With so many different potential threats facing organisations, it can be difficult for them to know which way to go with their strategy. Perhaps the single most important asset for a company to overcome this challenge is threat intelligence.

 

How intelligence can prevent security incidents

 

While intelligence used to be restricted to the realms of secretive governmental agencies, the last few years have seen the emergence of a thriving intelligence market that any enterprise can use. The depth and breadth of information that can be accessed is staggering, and a good source of threat intelligence is worth its weight in gold.

For comparison, you could equate a cyber-attack to the risk of being hit by a bus while crossing the road. For many security strategies, the approach is akin to hoping that a bus won’t hit you, or that you won’t be too badly hurt if it does and the hospital can help. With good intelligence, you can see the bus coming and simply get out of the way.

 

However, if intelligence is attuned to the wrong threat profile, it will waste a lot of money and resources on flagging the wrong threats, while also missing many relevant indicators. Vanquis, for example, is a credit card and loans provider. Although we fall under the same broad umbrella as high street banks in some respects, we have a very different threat landscape and do not share many of the traditional threats facing the banking sector.

With a thorough understanding of the threats the organisation may face, it is possible to hunt down specific indicators. In the banking industry and credit card services, for example, it is imperative to know when card data has appeared for sale on the dark web, or if a bank’s systems are being targeted by a particular malware campaign. Having visibility of these threats will allow the organisation to move quickly and minimise the threat.

Another common problem these days is the impersonation of senior executives on social media as a method for initiating social engineering attacks. We need to know about this as soon as possible so that we can get the imposter shut down and protect our employees and associates from being approached and deceived by them.

 

Financing threat intelligence

 

Having a focused approach to intelligence gathering is also very important when discussing it with the board. The ability to point to external sources and intelligence reports that highlight a specific threat to the company will make it much easier to justify the expense of both the intelligence programme, and the security operations needed to counter the threats.

Indeed, cost can be one of the biggest barriers to acquiring good threat intelligence. Recruiting and retaining the experienced team of personnel needed to run a Security Operations Centre (SOC) can be expensive and challenging due to the demands on the market. It is also necessary to continually invest in the most appropriate technology.

Outsourcing to a third-party provider is one of the best ways for an organisation to access high-quality threat intelligence without the expense and resources required by a large in-house team. This approach will also be flexible, enabling the firm to scale up or down as its security profile changes.

However, organisations must assess their provider very carefully, and should assess several options first to find one that fits with their specific threat profile and needs. Alongside capability, it’s also important to find a good cultural fit, and ideally the provider should come to feel like an extension of the company itself.

Ultimately, although you can outsource capability and responsibility for security, you can never outsource accountability. It’s up to the company itself to ensure they put the intelligence to good use in defending against attacks. I anticipate threat intelligence to be a major talking point at the Cyber Security Connect UK from 7 to 9 November 2018 in Monaco.
