By Jonathan Zhang, Founder and CEO, Threat Intelligence Platform
A Cyber Defense Magazine Exclusive Thought Leadership Article
The practice of threat intelligence (TI) is gaining momentum, helping organizations of all sizes better understand and fix their weak links before cybercriminals have time to exploit them. This is made possible through the collection and integration of evidence-based data: actual facts about organizations’ online assets, including websites, domain names, hosting infrastructure, and servers.
This information comes in handy in today’s cybersecurity landscape, where hackers and scammers always seek the easiest way to access sensitive data and deceive employees and customers into making mistakes. In this article, we talk about the specific ways TI enables security professionals to step up their game, mitigate risks, and respond faster in the event of a data breach.
Thinking like a Cybercriminal
What’s going on in the mind of cybercrime perpetrators? What type of threat (malware, phishing, spoofing, ransomware, or something else) is going to bring them the highest financial yield? As part of their sophisticated plans for attack, cybercriminals spend a lot of time analyzing their targets and then decide which approach is most logical for maximizing returns.
TI allows security teams to follow a similar process, but with a focus on which reinforcements their organization requires as a priority in order to minimize the likelihood of successful data breaches. In that sense, TI is about proactively thinking a step ahead and spotting misconfigurations that may result in harmful yet avoidable damage.
Smart Resource Allocation
TI is not a silver bullet, however. Once their most salient vulnerabilities have been identified, companies must take action. An advantage of incorporating TI insights into the cybersecurity roadmap is that they enable security professionals to take their particular gaps into consideration and allocate their security budget accordingly, rather than blindly following every security best practice out there without bearing context in mind.
For example, let’s say that your company’s biggest security problems are poor encryption and malware. Hackers repeatedly manage to gain access to your website and upload files capable of running malicious code. And when visitors download and open these documents, they inadvertently release spyware that silently collects their sensitive personal data (names, addresses, credit card numbers, and passwords) as they make purchases online or sign in to various applications.
In this scenario, a threat intelligence platform could recommend how to improve encryption (e.g., reconfiguring SSL certificates and enforcing HTTPS) and conduct a domain malware check, retrieving details about emerging threats from various cybersecurity databases and providing guidance on how to deal with them.
Third-Party Monitoring
When cybercriminals find it too hard to reach a company directly, they may turn to partners and suppliers with more lenient security practices. So when CSOs implement TI, they should not only consider how their own infrastructure may be conducive to data breaches but also pay attention to third parties with whom confidential or strategic information is frequently shared.
In fact, chances are that your marketing department is using various cloud services on a daily basis, such as email marketing platforms and social media tools, to streamline its operations. But to function and segment subscribers adequately, these applications need customer data, including email addresses, identifiers, past purchases, and locations.
From a cybersecurity standpoint, transmitting personally identifiable details to third parties is a risk, and TI assists in assessing the reliability and safety of external vendors’ systems before selecting them and throughout the execution of contracts.
Tackling Data Breaches
Data breaches are still going to happen, no matter how much effort organizations put into avoiding them. What makes the difference between a small and a significant cybersecurity incident, however, is often the speed of response. Conducting a TI analysis can help limit damage and recovery time by providing a list of security weaknesses that may have been exploited by hackers and scammers.
Security professionals and investigators can use that information to narrow down the possibilities of what went wrong and take appropriate action faster, e.g., contacting relevant authorities, temporarily freezing affected systems, and alerting customers.
Through the use of evidence-based data, threat intelligence has become a valuable instrument to learn more about system vulnerabilities, allocate resources intelligently, monitor third parties, and deal with data breaches.
About the Author
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP). He has vast experience in building tools, solutions, and systems for CIOs, security professionals, and third-party vendors and enjoys giving practical tips for better threat detection and prevention. Jonathan can be reached online at [email protected] and at our company website https://threatintelligenceplatform.com/.