How businesses can hunt for cybercriminals

There is no doubt that high-profile cyber attacks that result in loss of personal data are on the rise with a recent report from the ONS confirming there were two million computer misuse offences in the 12 months to the end of March.

Rarely a week goes by without an organisation somewhere in the world hitting the headlines. This makes threat intelligence a hot discussion topic within the security industry.

At its best, threat intelligence can be that critical piece of the security puzzle that makes the difference between successful defence and negative headlines.

>See also: The 2016 cyber security roadmap

As well as helping businesses become more agile when handling cyber risk, threat intelligence can completely change the way organisations approach security by becoming less reactive to event.

Know your yourself and your enemy

The nature of cybercriminals is changing. No longer are they opportunistic individuals – they are attack-minded entrepreneurs with business models, tactics and a long-term strategy.

This means that organisations require knowledge and agility in order to effectively tackle the threats. As IT systems globally experience the rise of these criminal entrepreneurs, threat intelligence is important than ever as a tool that helps organisations protect themselves.

To survive and thrive, organisations need to be able to identify threats early – intelligence is only useful if it is timely, relevant actionable and you have people to action it.

Analysing attacker behavior enables organisations to identify and anticipate what could happen before it does, and help guide pre-emptive measures to mitigate vulnerabilities before they are exploited.

Being able to assess the likelihood of a DDoS attack, for example, or the severity and impact of a data incident, is key to ensuring security for customers and employees in a period of digital transformation.

Organisations are changing quickly, both businesses and individuals are having to adapt their approach. CIOs and IT security professionals must know their organisation inside out and also understand the full spectrum of threats to any given system.

Digital transformation is taking hold and, with it, shadow IT is on the rise. As purchasing outside the IT department continues to grow, it is vital security professionals have assessed the full system architecture. They must understand where the weaknesses and strengths of digital systems lie, and how they can defend themselves against ruthless cybercriminals.

Too much information

Managing threat intelligence is also vital. Collecting and assessing information within the context of a threat landscape is only useful when organisations can respond and provide a strategy to handle threats. This means having the right blend of skills and technology available to analyse, assess and strategise security measures.

To do this, organisations need to consider two types of intelligence: HUMINT (human intelligence) and TECHINT (technology intelligence).

Human intelligence gives organisations access to contextual and historical information about threats, as well as behavioral analysis that can help forge pre-emptive security strategies.

Technology intelligence, on the other hand, gives organisations less insight, but does help organisations to build powerful databases to monitor networks and spot malicious activity.

Being able to record and analyse vast amounts of data quickly enables organisations to move quickly when they are attacked, although it does little to help spot emerging threats.

This means that in order to capitalise on the full capabilities of threat intelligence, human intelligence must be used in tandem with technology intelligence. Organisations need to understand the capabilities and capacity of both and help them help each other.

>See also: 11 trends that will dominate cyber security in 2016

This kind of intelligence sharing gives organisations access to accurate intelligence to both anticipate and respond to attacks, enabling them to take defensive action faster and more effectively.

There’s no ‘silver bullet’ or one-size-fits-all approach – each organisation has its own unique vulnerabilities and must organise both man and machine, in collaboration, to provide the greatest insight and best response.

While threat intelligence will never be able to stop attacks, it provides companies with a toolkit to help them build defences against them.

The best way to defend against threats is to be prepared and proactive – receiving a stream of data and analysis after an attack is really too late.

Forewarned is forearmed, and prior analysis of both behavior and strength enables companies to tailor defences to keep criminal entrepreneurs away from what they want.

Successfully combining human and technology intelligence in a 360° evaluation of vulnerabilities means that organisations can be on the front foot and begin hunting for attackers and individuals threatening their existence.


Sourced from Mark Lavender, head of intelligence development and threat assessment, BT

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics