31 May 2016
Blogs by author: Global Services, We’re a leading global business communications provider
To tackle cyber threats to your organisation, you have to know what you’re up against. Here’s how threat intelligence helps you keep the hackers at bay.
The importance of threat intelligence.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know neither the enemy nor yourself, you will succumb in every battle.”
It’s rare not to see a quote from Sun Tzu’s ‘Art of War’ when discussing cyber security. Mainly because of how well his philosophy on strategy relates to the struggle between cyber criminals and those looking to defend their networks.
And in this instance, the quote shows exactly why your organisation needs threat intelligence — because only through this knowledge and understanding will you have the means to defeat your adversaries.
Know your adversary.
Threat intelligence is certainly a hot topic right now. Just last week, our own Mark Hughes took part in a roundtable event BT hosted in partnership with SC Magazine. This brought security experts together to discuss methods to improve the use of such intelligence.
You’re bound to hear more about threat intelligence in the future, too. No surprises there; it’s an important area for your organisation to focus on because it allows you to assess the likelihood, severity and impact of cyber threats targeting you.
This assessment means you can understand and address your own unique risk landscape — the cyber equivalent of knowing both yourself and your adversary. And from there, you can make informed decisions about how to deploy resources in a way that minimises the effects of a security breach.
As well as helping your business become more agile in its dealings with cyber risk, threat intelligence can completely change the way you approach security. With knowledge on your side, you’ll become less reactive to events. You’ll also develop a ‘hunter’ mindset as you seek to identify vulnerabilities long before hackers can exploit them.
Manage your intelligence.
However, there is such a thing as too much information. What I refer to as ‘intelligence’ is data that’s relevant to the areas your organisation needs to protect (remember the bit in the quote about knowing yourself?). And that means knowing how your data assets are organised and structured internally.
Overwhelm yourself with too much information and you’ll get no insight whatsoever, leaving you as defenceless as when you started.
Another key element of using threat intelligence is how you manage it. There’s no point in collecting information on your threat landscape if you don’t have the right blend of skills, experience and knowledge to analyse it.
You need to make sure you can work with two important types of intelligence:
Human intelligence that gives you a wealth of contextual information about threats, but can be difficult to integrate with your Security Incident and Event Management (SIEM) systems.
Technical intelligence that gives you less insight than HUMINT, but allows you to build powerful databases to monitor your networks and spot malicious activity.
Understanding these different types of information will help you gather relevant intelligence that allows you to take decisive action against cyber threats.
Mitigate the threats.
The thing to remember with threat intelligence is that, while it helps you protect your organisation, it doesn’t prevent cyber attacks by itself. Take DDoS attacks, for instance. With the right intelligence, you can spot them and take action to mitigate their effects, but this doesn’t mean you can stop them.
All you can do is prepare yourself as much as possible to face evolving cyber threats. Forewarned is forearmed — and threat intelligence allows you to arm yourself, ready to fend off attack.
Discover more about how threat intelligence can help you protect your organisation, and read the executive summary of our new report, written in partnership with KPMG, about how you can take the fight to cyber criminals.