Know your enemy - cyber threat intel crucial
FYI, this story is more than a year old
Managing cyber security on the internet poses a significant challenge for organisations, because the internet was never designed to be secure.
That's accroding to BAE Systems Applied Intelligence, who says new frameworks are needed to address cyber space’s unique characteristics and environments.
The security firm says cyber threat intelligence has emerged as a vital approach to designing an effective security regime.
Dr Malcolm Shore, technical director, BAE Systems Applied Intelligence, says IT can no longer be protected by implementing a standard set of security controls.
“It is sobering to realise that the most prevalent security controls standard was originally developed in the early 1990s - 25 years ago and prior to the internet as we know it," Shore says. "Given the changes that have occurred since then, it’s no surprise that these controls are no longer adequate.”
“There needs to be much more emphasis on the new approaches such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework if we’re to keep pace with our adversaries,“ says Shore.
He says because cyber space is increasingly looking like a battlefield, cyber threat intelligence is vital to designing an effective security regime. "This means knowing who is attacking you, what their motives are, and how they execute their attacks," Shore explains.
The value of cyber threat intelligence lies in its ability to change an organisation’s posture from being reactive, responding to attacks when it’s breached, to being proactive, where cyber security defences are tuned to expect and deflect attacks.
Shore explains that cyber threat intelligence comes in two forms; operational and strategic. "Operational intelligence consists of data that can be used to configure cyber defence equipment such as intrusion detection devices," he says. "Strategic intelligence is defined as knowing and understanding the potential threats and how they may affect the organisation.
"Both are essential for delivering effective protection," adds Shore.
Organisations can start to understand their adversaries by mapping the adversaries’ past activities and capabilities, historical and current affiliations, their readiness and objectives, and future ambitions. "This lets companies set informed priorities for cyber defence investments, and respond faster and more effectively in the event of an incident," Shore explains.
“Cyber attacks are rarely carried out without clear motivation or as a single action, so one of the key goals of threat intelligence is to anticipate them,” he says.
“To successfully defend against contemporary attacks requires a focus on new areas of cyber security including threat intelligence.”