As Threat Intelligence is one of the key assets to be built in companies, the right information sources will be key. The challenge there is not only to get information but to transform it into actionable intelligence. It needs to be targeted to the industry you are working in as well as to the situation your company is in and the strategy you follow from a business perspective.
From my point of view, most intelligence providers (not to say all) are not yet able to deliver strategic threat intelligence, which can be easily transformed into actionable strategic work – most deliver very good and sound operational and technical intelligence.
But some are moving in this direction. As I always say: I want to know who is attacking me, why, and why now. If I can answer these questions for a current attack as well as for the near future (that’s the dream state), we would significantly change the game.
We acquired iDefense in February to move exactly in this direction. Now, we just released a report showing what we learned in the last six months and considering what we expect to happen in the next six months. It is not yet tailored to an industry, but I guess these threats are universal:
- Destructive Cyberthreat activity is becoming more common and attribution is getting harder
- Criminal marketplaces are profitable and tools are more accessible to all
- Governments are strengthening capabilities to meet strategic goals
- Law enforcement is becoming overwhelmed
Looking at these threats and what we have seen so far in 2017, I guess we need to consider changing the way we work. Basic hygiene is definitely what needs to be established first. This means mainly patch management and identity and access management. They are fundamental (besides others like awareness etc.) to get a proper infrastructure running – and safe. But then we need to leverage the fact that we understand our network better than any perpetrator (at least I hope) and do our homework as well, which means understanding a potential attacker, understanding their capabilities and, in the end, being able to act. There is no additional value if we know what an attacker is going to do but we have no way to defend. These processes have to be trained and prepared from a technical as well as from a social point of view.
To prepare yourself, read the executive summary of iDefense’s 2017 Cyber Threatscape Report. It is worth it.