Have you ever had a situation, either personally or professionally, where you’ve reflected, how you wish you’d had further information before making a decision. I think we probably all have.
In the law enforcement world where I started my professional career, intelligence was paramount. Back then, ridiculous as it seems, we used to submit written reports to our Local Intelligence Officer who would collate it, circulate it to the appropriate areas, and then file it. That intelligence helped us build up a picture of activities on our patch – sightings of known criminals and their associates, vehicles being used, etc. We’d use that intelligence to take action, both preventative and reactive. The method was clunky at best – things were more efficient beyond local station level – but absolutely key, nevertheless.
Intelligence takes many different forms, such as business intelligence, but in our world it’s threat intelligence. Techniques being used, stolen data being sold on the dark web, conversations amongst the threat actors about vulnerabilities they’ve identified or exploited, criminals looking for a particular skill set they need. All this type of information provides clues about intent and target. So having access to this type of information can help you keep one step ahead of the criminal. It may not provide an exact roadmap of their intent or schedule but not paying attention is surely unwise. As they say, forewarned is forearmed.
Common counter arguments we often hear are, “We’re too small a business to be a target” or “We don’t do anything of financial value”. Certainly, your organisation may not be as attractive a target as a financial institution for example, but please don’t fall into that trap. The value to the criminal is the mere fact you have something that is valuable to you: your ability to remain operational, to be able to deliver your services, your data, your customers. And that to them is a vulnerability that can be exploited.
Let’s consider some simple maths. Targeting 20 smaller, perhaps less well protected organisations, and demanding £100,000 in ransom to unlock encrypted business critical data is easier and more effective than targeting one large corporation with their vast investments in cyber security that they need to break through and demanding £2m for its release. What’s more, they’re unlikely to go out of business. The business impact on those smaller organisations, either at the time or trying to recover is less predictable.
And it’s worth recognising that even if you’re not the intended target of an attack, you may be in the unfortunate position of being collateral damage. An attack on a supply chain is a common ‘back door’ in. Organisations are now putting significant focus on supply chain vulnerabilities, and rightly so.
Sometimes threat intelligence is viewed as this big mysterious mechanism. As in most things, it comes in all shapes and sizes. Take a virus scanner as an example. A new virus is in the wild, its spotted, virus scanners produce a new fix to counter it, and the fix is distributed globally. This is threat intelligence at its most basic level. Even if intelligence isn’t about your organisation specifically, details of attacks targeting your business sector are incredibly valuable. That threat intelligence is what allows you to keep a step ahead and is what disrupts them, causing them to change tack.
There are other business drivers for threat intelligence, such as requirements set out in ISO27001:2022, and it’s a valid one. But it is important that using threat intelligence to protect our businesses isn’t viewed as a check box exercise.
A fundamental principle of threat intelligence is sharing. We may be competitors in business, but we all have a vested interest in keeping the internet safe. In order to conduct business, to deliver care in the community, to keep our hospitals running, we have to work together to keep the criminals out. I like the analogy of wagons circled in an old Western film; we’re stronger together and stand a far better chance of success of repelling attacks.
Whatever the depth or quantity of the threat intelligence available to you, whoever is your preferred provider, please think seriously about using threat intelligence to protect your organisation. Don’t let the criminals get the upper hand.
If you would like to know more about how threat intelligence can help you, we are available to help. Our service offers operational, brand and vulnerability intelligence, reducing your exposure to cyber criminals.
For more information about our threat intelligence offering call 0845 58 27001.