Myths About Threat Intelligence Sharing
By Balaji Kannaiyan, May 15, 2018
As one of the most challenging issues of the 21st century, cyber security has become the prime focus of every business across the globe. The Worldwide Threat Assessment has declared that the damage caused by a cyber-disaster can be far more lethal than that of a hurricane. Several complementary factors give rise to this thought. These include the possible role of an empowered insider, the scope of the attack, the use of social engineering and the widening range of victims. Though millions of dollars are being invested in endless research, we still seem to be miles away from a concrete solution, as the problem keeps getting worse. In the rest of this article, let us try to expose the myths that surround cyber security and keep it from being a completely foolproof solution for data safety.
Myth 1: Cyber Security – Is it a technical standpoint?
Factually: Most companies look at cyber security as a technical problem, and to these organizations upgrading technology looks like the best solution. That is not a viable solution, as technology alone cannot stop a user from clicking on a malicious link. Threats originate more from non-technical aspects than from technical ones. By non-technical we mean that a threat could be related to certain business operations approaches, to the economy, or simply to a psychological issue. Organizations could secure themselves and benefit largely from a focused approach to cyber security that goes deeper into these other aspects rather than treating the cause as just a technical glitch. While keeping in mind that other types of threats loom large as well, protecting their vital data systems and servers should be the priority. Well-organized decision-making systems would hugely benefit all organizations.
Myth 2: Intelligence feeds or shares will do little to address the global threat of cyber security.
Factually: Collective threat intelligence is the need of the hour. An organization affected by a cyber attack can share the incident with another organization immediately. Companies can share critical data pertaining to cyber security threats while they continue to grow independently in their own business ventures. An incident such as a cyber attack cannot be held within the 4 walls of an organization, waiting 24 hours before the information is rolled out. Let us trigger a change in climate, here and now, by sharing data and feeds pertaining to cyber security threats with groups facing the potential threat of a cyber attack. The watering hole attack on 6 globally recognized organizations for innovative research is a classic case study.
Myth 3: Organizations lack well qualified manpower and tools to deal with these situations.
Factually: The advancement of security also increases the rate of complications. As a result, there is a substantial increase in the number of data points on which any security risk management team should conduct a routine search. Threat intelligence is about sharing the right information so the biggest threats can be identified easily and mitigated as quickly as possible. Cyber threat intelligence sharing is culminating in the development of platforms and standards that help organizations gather, organize, share and identify sources of threat intelligence. Cyber threat intelligence is also shortening the useful lives of attacks and is putting a heavier burden on attackers who want to stay in business.
Myth 4: Threat intelligence may provide occasional security from a cyber attack despite it being a very crucial and costly set of input.
Factually: Being ignorant about cyber attacks and cyber security is not a wise decision, to say the least. Attackers are constantly innovating and sharing threat techniques, and we need to be doing the same. There is a considerable rise in cyber security breaches globally. According to one survey, 868 security breaches and/or cyber-attacks were reported in 2017. The worst months of the year were August, October, and December, with 90 each. January came in next at 89 reported cyber-attacks. The spring months saw a relative dip, averaging about 65 attacks each. Operational threat intelligence - data that can be consumed by security solutions as opposed to consultancy - is advancing, making it far easier to use and accessible to organizations of all sizes.
Myth 5: Organizations need not bother about educating themselves with a detailed study of any type of cyber attack, as long as they stay secured.
Factually: Just as any data could be redundant, cyber attacks could be redundant too! Protection will always remain the number one priority on any organization's agenda. It would definitely serve the organization's interest to take a deep dive into a cyber attack and research its possible causes, as that would help it take a more cautious approach in the future. Unfortunately, breaches will happen, so it is about reducing the time taken to respond by understanding previous events and where the organization is vulnerable. This means time can be better spent mitigating the problem and alerting those affected.
Sooner or later, threat intelligence would run the risk of becoming just another buzzword, a collective term for security tools – some of which do little to improve security. But by delving into threat intelligence we see a clearer picture. It allows organizations to be far more flexible and to adapt to the threat landscape as it changes. This enables security teams to be more proactive and to focus on what is important.
In a time when data breaches seem to be hitting the headlines almost weekly, with big fish in the ocean of technology running out of oxygen, being flexible and able to respond to a breach quickly is crucial.
A change in mindset, as explained earlier, could give us the all-important momentum and thrust to make real and visible progress. Watch this space and watch out for more as we deep dive into the ocean of cyber threats and unearth ways and means to swim our way through the data insecurity wave.