Managing cyber security on an internet that was never designed to be secure poses a significant challenge for organisations. New frameworks are needed to address cyber space’s unique characteristics and environments. Cyber threat intelligence has emerged as a vital approach to designing an effective security regime.
Dr Malcolm Shore, technical director, BAE Systems Applied Intelligence, says IT can no longer be protected by implementing a standard set of security controls.
“It is sobering to realise that the most prevalent security controls standard was originally developed in the early 1990s: 25 years ago and prior to the internet as we know it. Given the changes that have occurred since then, it’s no surprise that these controls are no longer adequate,” Dr Shore said.
“There needs to be much more emphasis on the new approaches such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework if we’re to keep pace with our adversaries“.
With cyber space increasingly looking like a battlefield, cyber threat intelligence is vital to designing an effective security regime. This means knowing who is attacking you, what their motives are, and how they execute their attacks.
The value of cyber threat intelligence lies in its ability to change an organisation’s posture from being reactive, responding to attacks when it’s breached, to being proactive, where cyber security defences are tuned to expect and deflect attacks.
Cyber threat intelligence comes in two forms: operational and strategic. Operational intelligence consists of data that can be used to configure cyber defence equipment such as intrusion detection devices. Strategic intelligence is defined as knowing and understanding the potential threats and how they may affect the organisation. Both are essential for delivering effective protection.
Organisations can start to understand their adversaries by mapping the adversaries’ past activities and capabilities, historical and current affiliations, their readiness and objectives, and future ambitions. This lets companies set informed priorities for cyber defence investments, and respond faster and more effectively in the event of an incident.
“Cyber attacks are rarely carried out without clear motivation or as a single action, so one of the key goals of threat intelligence is to anticipate them,” Dr Shore said.
“To successfully defend against contemporary attacks requires a focus on new areas of cyber security including threat intelligence.”