What is Cyber Threat Intelligence?
Originally published by New Context.
Fortunately, most people are not proponents or fans of armed conflict, especially on the nation-state level where the resulting destruction can be unimaginable. Yet, the wise among us realize that not being prepared to defend yourself, if necessary, can render you vulnerable to those with bad intentions. However, successfully battling harmful forces depends on much more than hardware. Perhaps the most important asset for success is intelligence. And this begins with fully understanding who and what threats you face.
Granted, business is not war, in the sense that lives are not lost and property is not destroyed. However, the life of your business can be at stake if cyber threats are not understood and plans to thwart them are not in place. Therefore, it is imperative to have and utilize cyber threat intelligence to provide the level of data security required in today’s digital environment.
Understanding Cyber Threats
Whether you already are leveraging the advantages of cloud security or are building a digital transformation roadmap, it is incumbent upon you to be aware of the threats that you may face in cyberspace. The following questions need to be answered.
What Are Cyber Threats?
The short answer to this question is that cyber threats are anything that can threaten the security of your data. This includes both external threats, where your data may be captured or compromised during transmission or reception with other systems, and internal threats, where stored data or secrets used to access data are breached. Types of cyber threats include:
- Phishing
Phishing is probably the most common and least sophisticated threat. Typically, the goal is to entice the voluntary disclosure of information or to convince the user to click on a link that will usually install a type of malware on the targeted user's system. A more advanced form of this attack is called spear phishing, where information about the targeted victim is used to provide a more convincing inducement for clicking on a link.
- Malware
Malware is also common. Actions can range from taking over a computer's function to crashing the machine or even erasing important files. Common types of malware include:
  - Trojans
  Just as in the breaching of Troy via the supposed gift of a horse, trojans are intended to appear benign, but actually hide harmful code.
  - Ransomware
  As the name implies, ransomware involves encrypting data so you can't use it and then extorting some sort of payment to obtain the decryption key.
- Data breaches
Data breaches are the accessing of protected information by unauthorized sources. For businesses, the objective may be to simply embarrass the organization or to obtain proprietary information such as research, financial records, client and/or customer information, or other personally identifiable information (PII).
- Denial of Service (DoS) attack
DoS and Distributed Denial of Service (DDoS) attacks include crashing websites and thus blocking an organization from providing service to its customers.
The list is not all-inclusive; for example, IoT devices, mobile phones, and even PCBAs can be targeted. Yet, the list does include the most important cyber threats to know. It is also worth considering where these threats come from.
What Are the Sources of Cyber Threats?
In addition to knowing what threats are out there, it is also necessary to know from where these cyber threats may be launched. Common sources that may target your enterprise may include one or more of the following:
- Individuals
Disgruntled or unhappy employees, individual hackers, or crackers may seek to steal information or simply wreak havoc.
- Organized groups
Depending upon your business sector, threats may come from crime organizations or even terrorists.
- Industry competitors
One of the most often overlooked sources of cyber threats is business competitors or industrial spies. Both national and international entities may target your data, especially R&D or other product information.
- Nation state actors
If you think nation state actors only attack other governments, you would be wrong. An example that has gained a large amount of attention is the accessing and dissemination of privileged information from the computers of the Democratic National Committee (DNC) in 2016.
What Assets Do Cyber Threats Target?
The answer to this question is the same as for “What do thieves steal?” Simply put, anything that is thought to have value. For example, banking threats are most often focused on gaining access to account information, while for defense contractors, design, testing, and prototype data would be highly prized. Fortunately, just as cyber threats and sources continue to evolve, so do mechanisms to thwart them.
How to Use Cyber Threat Intelligence to Secure Your Data
With so many threats and sources, cyberspace can indeed seem like a minefield. However, by utilizing cyber threat intelligence, as defined below, victory over the enemies of your data security can be achieved.
Cyber threat intelligence is knowledge about the types of threats that may have an interest in targeting your data and systems, the likely sources for these threats, and their objectives. This intelligence is critical to the development of an effective data security strategy.