6 Steps to Improve Your Threat Intelligence Platform
Cyber threats can come in many forms and shapes. From phishing attacks, social engineering
and worms, to APTs – just to name a few – your company should be on constant lookout for those cyber threats and
ways to prevent them. Otherwise, the impact on your finances and reputation with customers and shareholders may
prove to be too much.
This is why your company needs to have a solid threat intelligence platform in place. With it, you can have at
least some peace of mind when it comes to cyber threats that lurk around the online and offline world (remember,
not all such attacks come from the Internet).
However, the fact that just because you have one doesn’t mean you get to rest easy. Cyber attackers and hackers
are nothing if they are not a creative and persistent bunch constantly leveling up their game. Their attacks are
getting more sophisticated and subtle. In fact, according to Navigant’s Cyber Threat Intelligence Report Q1 2017
as many as 73% of IT security professionals in critical industries said their organization had suffered a
breach. The only way to oppose them and protect your company is to level up your game as well.
Here are 6 steps you need to take to make your threat intelligence platform better and ready for new cyber
1. Educate Your Employees and Management about Cyber Security
Threat intelligence isn’t just the job of CISOs and security analysts. If others in your organization, both below
and above you, don’t realize why it is important to act on it, your threat intelligence model won’t mean very
What many forget is that threats come not just from the outside, but from the inside of the organization as well.
Employees’ mistakes and negligence can be just as (and often more) destructive to your data as outside threats
by hackers, which is why you need to educate employees on these threats. This can be from as simple as “don’t
open suspicious attachments from your work station” to ensuring that they understand and follow established
company security practices.
As for managers and C-level suites, what you need to do is to breach the knowledge gap. CEOs, CFOs and other
C-level executives don’t understand when you talk to them about Man-in-the Middle attacks or Drive-by Downloads,
but they will understand very well when you explain it to them and show raw numbers demonstrating how this can
impact their budget.
2. Mix Passive and Active Threat Intelligence Gathering
There are three ways to accumulate threat intelligence, two passive and one active. They are:
- Open Source Intelligence (OSINT), which includes gathering publicly available data and information (books,
Internet, TV, newspapers etc).
- Signal Intelligence (SIGINT), or monitoring signals that come directly to your network.
- Human Intelligence (HUMINT), in other words, using humans as threat intelligence sources.
Most organizations rely on OSINT. This makes sense as it is freely available; there are many great TI platforms
to choose from, which offers, for the most part, good results. However, what these companies and their security
analysts fail to see is that OSINT doesn’t provide them with enough intelligence to spot threats that apply to
their organization specifically.
Whereas OSINT and SIGINT are both passive intelligence gathering, HUMINT is more active, but the problem is that
many organizations don’t have the resources to invest in it. However, that’s not necessarily much of a problem.
The Internet is full of valuable information from other people and you just need to collect and disseminate it
in a way that will help your organization.
3. Use the Right Threat Intelligence Tools
Threat intelligence analysis usually starts small, with an in-house data security team. But, as the organization
grows and threats become bigger and more serious, such approach is no longer enough and it becomes necessary to
grow their threat intelligence model.
Your IT team can quickly get bogged down in collecting, analyzing or identifying threats that they don’t have
time to respond when the attack actually happens. To make life easier for them and to be extra safe, you need to
take advantage of the right threat intelligence tools, like Threat Intelligence Platform or FireEye.
4. Think about Macro and Micro Trends
If your organization is to avoid a data breach, you need to pay attention to both macro and micro threat trends.
Just one micro breach can be enough to have even a large company on its knees.
By keeping an eye on macro trends and not just the current cyber threat landscape, you can put your IT security
team and the entire company in a good position to identify and adequately respond to micro trends as well.
One doesn’t go without the other. Focus only on micro and you are left vulnerable to macro trends, turn all your
attention to macro trends and you expose yourself to micro ones.
5. Act the Data You’ve Accumulated
So, congratulations, you’ve gathered your threat intelligence data. The question now is what are you going to do
with this data? How are you going to act on it?
Can you do that at all? If you can’t act on the data, why collect it in the first place? Threat intelligence data
won’t help you much if it cannot be acted on.
Organizations must decide for themselves if and how they will respond to what the data is telling them. If they
don’t have the resources to do anything about it, perhaps they would be better off focusing their time and
budget on incident response. At least until they grow confident enough to actually act on threat intelligence
6. Share and Let Others Share for You
Financial and health institutions, in particular, have a responsibility to share the information they’ve gathered
with other parties. This includes other financial and health institutions, law enforcement and others. Not only
are they regulatorily obligated to do so, but this way they also help others be more proactive when responding
to cyber threats themselves.
Of course, one could argue that it is not a good idea to share everything with your competition. And it’s not,
which is why you need to appoint a person in charge of communicating with external parties, and that person
needs to know to what level they can share information.
At the same time, while you’re sharing threat intelligence data with others and warning them of possible threats
coming their way, you should keep an eye on industry resources and information-sharing forums as well. Your
company is not operating in a vacuum, and forums like these are a good place to learn about the recent threats,
where they come from and how they can affect your business.
Threat intelligence is not something you can set and forget. No organization’s threat intelligence platform,
including yours, is fool-proof and threat overload is a serious problem for any industry. An infographic by
Anomali illustrates this perfectly as, according to it, 70% of organizations say they are swamped with cyber
Thankfully, there are ways to improve your threat intelligence model, like those 6 steps we’ve shown here. The
only thing you need to do is act on them.