In the third quarter of 2018 alone, new malware samples increased by a staggering 53 percent, while security incidents affecting multiple sectors rose by 900 percent. It’s little wonder then that cybersecurity continues to dominate headlines, with attackers breaching large organisations on what seems like a weekly basis. The need to intercept such threats – and avoid serious damage to a brand’s reputation, customer pipeline and bottom line – has driven organisations to strengthen their risk posture. No longer is an endpoint protection solution and a firewall enough; instead, the standard for improving defences is fast becoming threat intelligence.
Threat intelligence has been making waves for a few years already, but its full potential remains untapped. At present, the market is saturated with products posing as ‘threat intelligence’ solutions, yet many of these do little more than collate raw threat data. And the threat data pipeline, which incorporates information from the Dark Web, social media, forums and technical sources, is only going to swell as the threat landscape evolves. This is data that is no good to anybody unless cyber experts can use it to paint a picture relevant to their own organisation. However, with so much information available, identifying what’s important isn’t easy – and this is where true threat intelligence comes in, helping security teams make sense of the seemingly senseless.
What’s critical in any threat intelligence programme is relevance. If a critical Skype vulnerability emerges, but Skype is not used within that enterprise, analysing this threat would be a waste of time. As would worrying about malware affecting Android phones in an organisation that uses iOS exclusively. Ultimately, threat intelligence should be used to help security teams identify genuine threats to their organisation, thus enabling them to effectively and efficiently begin reducing risk.
Even with the best intelligence, however, security teams must know how to defend against a threat before they can mitigate it. If they face a threat actor who is delivering malware unlike anything previously seen, awareness is just half the battle. That team enters a race against time to ensure defences are in place – but developing the knowledge and skills required to implement these may take months. A grey area indeed.
Threat intelligence clearly needs to be taken up a notch. A solution that pairs threat intelligence with appropriate real-time learning would alert an organisation to relevant threats, and then demonstrate exactly how to oppose them. Such a solution could see security teams discover a threat in the morning, learn how to mitigate it at lunch, and take appropriate action by evening. Conversely, when identifying a threat without knowing how to mitigate it, there’s no limit on how long gaining the right skills might take – and the damage may already be done.
To borrow the words of the British Computer Society, ‘An effective TI programme manoeuvres an organisation from knee-jerk, reactive, fire-fighting to greater proactivity, observing and nipping potential problems in the bud.’ In which case, an ultra-effective programme would achieve all of this – but at even greater speed. A multi-faceted solution that incorporates not only threat intelligence but engaging, hands-on training could potentially reduce an organisation’s Mean Time to Learn by several-hundred percent.
Fortunately, real-time cybersecurity learning is becoming more widespread, and organisations are ditching traditional methods, such as classroom training, for increasingly adaptive and immersive ones. It is only a matter of time before these solutions are married with quality threat intelligence in one place, enabling organisations to respond to threats with far greater efficiency than at present. And this will be a significant step for global digital security, as we begin to gain ground on innovative cyber criminals who continue to lead the threat landscape.