Blog · 09 Dec 2020

Five steps to effective cyber threat intelligence

As the threat landscape becomes more complex, threat intelligence is helping businesses cut through the noise to realise greater value from their existing security investments.

Daniel Lawrence
Senior manager, intelligence

Cybersecurity departments are working harder than ever right now. They’re facing a rapidly evolving threat landscape, a key driver impacting information security.

The pandemic has stepped things up a gear by unleashing a blizzard of cyber attacks, ranging from phishing expeditions to ransomware. It’s reported that 91% of firms have seen an increase in cybersecurity attacks, and I believe that could be a conservative estimate. Plus, they’re having to manage many more security tools now, deployed as a quick security fix to cope with the big shift to remote working, coupled with the significant increase in alerts the new tools generate.

Achieving robust cyber threat intelligence is a challenge

With this heavy workload, your team’s focus can’t be everywhere at once. That’s where cyber threat intelligence can play a key role in cutting through the noise and helping your team to prioritise. But many businesses are struggling to find the right combination of people, processes and tools to generate, consume and act upon the threat intelligence information that’s available to them.

Handling the whole cyber threat intelligence process end-to-end in house is an expensive business, needing a large team. Although processing tools allow some of the data work involved in assessing threats to be automated, the majority of processing tasks are still done either manually or are semi-automated.

The people you need are in short supply: only 8% of organisations have the skills needed for an effective threat intelligence capability. The staff organisations do have are stretched, prompting many to look to external suppliers. Recent figures reveal 61% of firms use a combination of in-house and service provider teams to handle cyber threat intelligence.

And then there’s the deluge of information that comes from the huge array of threat intelligence feeds that businesses can subscribe to. It’s easy to miss critical threats or overact to situations that aren’t necessarily dangerous when you’re drowning in security alerts and generic threat intelligence data.

However, if you get your approach to threat intelligence feeds right, your cybersecurity teams can get actionable insights that are tailored and relevant to your business. Instead of adding to their security alert overload, their feeds will narrow down the field and your experts won’t miss critical threats. In the fast-moving world of cybersecurity, this can mean the difference between successfully defending your organisation and falling victim to a cyberattack.

The five steps to keeping safe

A strong cyber threat intelligence process should involve five key steps:

  • consolidate: gather relevant intelligence to achieve a single overview of the threat landscape
  • contextualise: understand the threats and the danger they pose to your organisation
  • prioritise: focus on the threats that need the most attention
  • use: turn prioritised threats into actions that mitigate the danger
  • enhance: update your threat intelligence to stay ahead of the cybercriminals.

Partnership is the way forward for threat intelligence

For most of the organisations I speak to, setting up and maintaining a robust cyber threat intelligence operation in-house is impractical. They’ve made the decision that it’s far more cost-effective to work with an external partner that knows what to look for and provides true, actionable threat intelligence.

In my experience having access to lots of data is one thing; but having access to large volumes of different types of data is what differentiates a world class threat intelligence provider from the rest. Having a global presence and managing the most sensitive government networks and Critical National Infrastructure allows the ability to gather rich data from a range of environments. Using this ringside seat enriches the picture to spot both simple and complex cyber threats ASAP is also critical. You want to know that an advisory alert raised in Australia, for example, will be analysed to see if it’s also a threat for an enterprise in the UK.

The best defence a business can have is intelligence. Find out more about how cyber threat intelligence can help your organisation to stay ahead of cyber risks by prioritising security warnings.