Threat Intelligence

22nd April 2021 | Cybrary Threat Intelligence



Threat Intelligence (TI) is information about current attack tactics and techniques (T&T) used by hackers to breach companies, their networks, and their data. Threat Intelligence collects, compares, and summarizes T&T to help you prevent or mitigate cyberattacks against your company.

Two thousand years ago, a highly decorated and successful Chinese military strategist, Sun Tzu, wrote a treatise on the “Art of War”. One of the tenets of his book was this: “to be successful in war, you must know what your enemy is up to”. This is what Threat Intelligence represents. TI details what hackers and attackers are up to, so you can better prepare your defenses.

Cyber attacks are growing in frequency and complexity. Businesses of all shapes and sizes need to leverage threat intelligence to get a leg up on their adversaries.

Threat intelligence solutions gather raw data on emerging or existing threat actors from a number of sources. This data is analyzed and filtered to create threat feeds and management reports that contain information that can be used by automated security control solutions. The primary purpose of this type of security is to keep organizations informed of advanced persistent threats, zero-day vulnerabilities, and how to protect against them.

What does this mean for an SMB?

Threat Intelligence data comes from many sources, including Threat Hunting, forensic investigations, vendor advisories, and security strategists. Threat Intelligence is often freely published by organizations such as MITRE and the Internet Storm Center. SMBs should subscribe to a Threat Intelligence feed or a blog on cybersecurity to be made aware of emerging threats.

However, knowing your enemy is not enough. A closer examination of Sun Tzu’s treatise finds this quote:

"If you know the enemy and know yourself, you need not fear the results of a hundred battles."

This is why CyberHoot always recommends you perform a risk assessment of your own environment to determine gaps or weaknesses in your own cybersecurity program. Once you’ve determined your gaps, you can plan how to spend your finite time and money addressing them. Within your own risk assessment, make sure you examine whether you’re following these best practices:

10 STEPS EVERY SMB SHOULD TAKE TO PROTECT THEMSELVES FROM CYBER ATTACKS:

  1. Train employees on cybersecurity best practices.
  2. Phish test employees to keep them vigilant in their inboxes.
  3. Govern staff with policies to guide behaviors and independent decision-making.
  4. Adopt a Password Manager for all employees.
  5. Enable two-factor authentication on all critical Internet-enabled services.
  6. Regularly back up all your critical data using the 3-2-1 approach.
  7. Implement the Principle of Least Privilege. Remove administrator rights from employee local Microsoft Windows workstations.
  8. Implement email security, including third-party SPAM protection and DNS security for Mail Exchange records (DMARC, DKIM, and SPF), all combined with external email banners to give employees a fighting chance.
  9. Build a robust network at your firm that is properly segmented. Network segmentation is to computer networks what sealed ballasts are to submarines. They enable damaged sections of a company or submarine to be completely isolated to prevent sinking of the whole network or submarine, respectively.
  10. Finally, buy enough Cyber Insurance to cover your recovery from a catastrophic breach event when the eventual breach does occur.
