The ineffectiveness of siloed cyber security thinking

Despite the multitude of publicly shared data breaches many organisations are not yet taking a strategic approach to cyber threat intelligence.

The proliferation of cyber attacks is only set to continue, and some attacks will increasingly become more sophisticated and complex.

Threat actors are constantly making iterations and developing new tactics. In spite of this, many organisations don’t employ any dedicated security analysts, while others do, but they are too overwhelmed with the volume and format of data they receive.

This can often lead to teams having an unstructured reaction to a cyber attack, or missing the initial signs of a breach.

Demonstrating this, a recent survey found that 70% of respondents believe threat intelligence is often too voluminous and/or complex to provide actionable insights.

>See also: The Trojan horse: 2017 cyber security trends

Less than half (46%) said incident responders use threat data when deciding how to respond to malicious activity, which leaves numerous threats undiscovered.

While almost three quarters (73%) of respondents admit they aren’t using threat data very effectively to pinpoint cyber threats.

Here lies the importance of threat intelligence. Organisations are too often just collating data. The context and value of it is what’s most important.

It must be simple to understand, relevant and actionable, and ultimately help to illuminate risk blind spots and empower organisations to make informed decisions.

This can best be achieved with a mix of human-powered intelligence and automation.

Alongside this is the importance of sharing this information across the business – ensuring that all employees are abreast of any risks coming in and preventing any intellectual property going out (i.e. not using work credentials for non-work sites, or even physical security concerns).

In this vein, current cyber threat intelligence approaches should mature and introduce additional strategies such as business risk intelligence (BRI), to ultimately prepare, inform, and mitigate risk throughout an enterprise.

BRI broadens the scope of cyber intelligence to provide relevant context to business units not traditionally afforded the benefits of intelligence derived from the Deep and Dark Web.

By informing decision-making and improving preparation, BRI mitigates risk across the enterprise resulting in better decisions that protect a company’s ability to operate.

>See also: 10 cyber security trends to look out for in 2017

This gives insights previously reserved just for security and intelligence teams to functional stakeholders across the business.

Aside from bolstering cyber security, BRI also helps confront fraud, detect insider threats, enhance physical security, assess merger and acquisition opportunities, and address vendor risk and supply chain integrity.

With such competencies, organisations can quickly mature their threat intelligence strategies. Most organisations do not have the skills and/or people to move away from tactical response and begin to think strategically.

But looking upstream and tackling a persistent campaign head-on means that certain types of attack can be shut down completely instead of continuously fighting fires and reacting to ongoing threats in a tactical manner.

This mitigates larger sources of threats and takes a top down view to understand the campaigns and techniques being employed by adversaries.

It is also important to add extra layers of capabilities with a business’ Labs team, utilising multi lingual expert analysts to help further contextualise and understand the bigger picture of a threat.

Investing in a threat intelligence platform that brings together multiple streams of information on malicious activity, and then adding layers with services from the likes of flashpoint is a cyber security strategy that works.

>See also: Cybersecurity brain drain: the silent killer

This adds yet another additional level of insight that empowers analysts with safe access to Deep and Dark Web communities from which valuable, relevant intelligence can be gleaned and acted upon.

Seeking out threats under the surface rather than on the Open Web, entering communities alongside malicious actors, taking the scope of cyber intelligence beyond automation.

Thus, gaining human insights and harvesting relevant context to business units not traditionally afforded the benefits of intelligence derived from the Deep and Dark Web.

We are not dealing with amateurs, threat actors will only keep going after larger targets. It is not theoretical that a cyber security attack can kill a company after being hacked.

There has already been countless instances. It has happened to bitcoin exchange firms such as Gox, FlexCoin, and Cryptsy for example.

Learning from threat actors side by side is a real asset. It’s imperative in order to stay on top of what, where, when, and how cyber attackers are behaving, to learn quickly and adapt security technical controls accordingly.

Amongst these communities, the bad guys share intelligence, on the outside, we as the good guys need to as well.

Collaborating in close-knit trusted circles of industry peers will only help to mitigate attacks in real-time as threats emerge and prepare against future attacks. This collaboration is invaluable. Intelligence hoarding is ineffective.

>See also: The cyber security industry is losing the cyber war

Cyber hygiene and network defences has never been more important. The focus has to become getting to the roots of security issues to future-proof business, not just tactically mowing the lawn and patching up for the now.

Many attacks do not have a high level of sophistication, such as malicious actors intercepting two-factor authentication input, gaining access to a network and stealing more credentials. Or, the recent Mirai malware that’s hit the headlines has already demonstrated the ease with which IoT compromises can be automated.

Leaving the concern that non-managed, non-backed up webcams, routers and refrigerators can be held to ransom for a cheap price. The time to act is now.

As the cyber threat landscape grows more complex, businesses have to re-assess, take control and be ready to mitigate against threats on their largest networks.

Determining exactly what intelligence is required and how you can apply it to your business is invaluable.

Sourced by Richard Betts, EMEA business development at Anomali

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...