As enterprise adoption continues, we must understand that the threat intelligence industry is still in its nascent stages, and for these programs to pack a punch, a cyber threat intelligence team should know what its measurable goals and business outcomes should be.
Otherwise, a threat intelligence team can be reduced to a useless unit that keeps brewing reports which have no significant impact on business decisions. Threat intelligence is not just valuable for larger corporations; it is now showing its value in the small and medium business sectors as well, since teams can now evaluate and measure how much progress they are making as a cyber-security team. When an organization can measure progress and communicate it, it presents a more powerful value proposition for the business. If a threat intelligence team is being built, then it has to be built by the senior leadership in the organization, by setting the intelligence requirements. And if an organization can do that seamlessly, then it is on its way to success.
Understanding threat intelligence is nothing but the ability to understand, explore and increase awareness of the adversary space. A threat intelligence team should be aware of the adversary’s tactics, techniques, and procedures. However, teams go wrong when they care less about who is being attacked and focus only on how to mitigate the after-effects of the attack.
This is a short-sighted approach because attribution is important.
The key lesson lies in the old phrase “Motivation informs technology.” If you do not understand the motivation behind the attack, then it is always going to be difficult to address the security loopholes. While it’s not necessary to know the last name or the address of the adversary, sometimes it’s vital to know the country, ideology and the motivation behind the attack. It helps the team look at the problem from a different perspective and aids in predicting future attacks.
Elements of a Cyber Threat Intelligence program
If a program is being built for cybersecurity, then it has to improve the security of the organization as well, which is the end goal of every activity that is planned. However, the organization needs to address the question of what it wants from its security team and plan accordingly to achieve that goal. The first thing organizations need to do is make sure they have buy-in on the requirements; then they can become intelligence-driven and build processes and programs.
The senior team has to define what expectations it has and in what time frame it expects the team to deliver them. The cybersecurity team should be measuring operational security improvements while determining the goals of the team, along with the skill set and the tools required to achieve those goals.
Measuring the Cyber Threat Intelligence
Our experts say that there is no easy way of measuring the efficiency of a Cyber Threat Intelligence program, since there are no set metrics for any particular industry. If the Cyber Threat Intelligence (CTI) team knows what the business intelligence requirements are, then it surely has some idea of whether it is performing to expectations or faltering.
Given there is a tendency to be reactive, being able to assess and measure risk becomes important. The CTI team should put together a risk-centered approach rather than persisting with a threat-reactive model. The team should focus its time and resources on areas that are susceptible to attack and where an attack would result in monetary loss. A paradigm shift is needed in the perception of security professionals, along with one in the security technologies, and everything should be made transparent internally.
At an organizational level, while there are a lot of ways to build a Threat Intelligence team, it works well when it operates in tandem with the incident response team because of its functions.