Cyber threat intelligence has been around for more than 20 years, but until recently it was only available to large enterprises like Fortune 500′s and government organizations. Our own Department of Homeland Security here in the U.S. is a large provider of cyber threat intelligence within government and with the private sector.
As the cybersecurity situation has continued to worsen globally, organizations have recognized that access to cyber threat intelligence is a critical element of a multi-faceted approach to keeping organizations safe. To put it mildly, the cybersecurity situation today represents one of the largest risks to our global economy. The amount of hacking that results in fraudulent financial transactions, data breaches, identify theft, theft of intellectual property and threats to our financial and critical infrastructures is at a level never before seen. The pandemic has only increased the activity among bad actors.
Most malicious cyber activity centers around two primary goals: 1. To disrupt an adversary by attacking financial systems, power grids, stealing state secrets and sowing dissent among populations and 2. Criminal enterprise which seeks to teal information for competitive gain or extort funds from unsuspecting organization. The latter is often also used by nation states looking to raise funds in the face of international sanctions that limit their economic capability.
So how does an average business defend itself in the face of such sophisticated threats? There are too many answers to this question to address in this one column. That said, cyber threat intelligence is one way and it’s finally accessible to small and mid-size businesses.
Simply stated, cyber threat intelligence is a feed of data that identifies emerging threats so that you can take steps to protect against them. The problem is this feed is massive and it is highly technical. Fortunately technologies exist to take in these feeds of information and make them more understandable and actionable. This is done through what are known as Information Sharing and Analysis Organizations (ISAOs) that your IT team or outsourced partner can join in order to have access to this information in a timely way to allow them to protect your company from an emerging threat.
This is not to suggest the average business should join an ISAO. This would only apply to a company that is large enough to have cybersecurity expertise within your IT team who will know how best to consume and act on this information. If you work with an IT partner, you should ask them if they belong to an ISAO and if so, which one(s). This will tell you that they are proactive and seeking out resources to help them help you be more secure. These organizations also provide critical information to IT services companies, to help them remain secure. No business wants to work with an IT partner who gets breached.
You’ll hear more about ISAOs over time as they become even more important to fighting back against bad cyber actors. They exist to keep you and your business partners are secure as can be, in the face of growing threats.