What role does intelligence have in cybersecurity?
Last month the US government announced the launch of its Cyber Threat Intelligence Integration Center (CTIIC). The brief is to provide intelligence that improves cybersecurity for all US agencies. It will achieve this by monitoring and sharing security events across and between the multiple hubs, nodes and networks that comprise the US government.
But it’s not just governments that need to take an intelligence-led approach. Cybercrime is a 24/7 challenge that affects everyone. Systems will be attacked, may already be under attack and may already be compromised. If your enterprise has anything of value you should expect this.
This is today’s security reality.
Security researchers at FireEye this year said: "Attackers are bypassing conventional security deployments almost at will."
The researchers claim 96 percent of systems were breached on average, and 27 percent of those breaches involved advanced malware.
Gartner estimates $70 billion was spent on IT security in 2014. $109 billion will be spent on cybersecurity for critical infrastructure alone by 2020, claims ABI Research, but are we getting bang for these bucks?
It’s pretty clear that virus protection and firewalls aren’t enough. Forty-three percent of companies experienced a data breach in the last year. Deloitte claims a 25 percent increase in data loss between 2013-14.
Global security spending is dwarfed by the cost of hacking, which costs the global economy over $445 billion, according to the Center for Strategic and International Studies (CSIS).
This is why threat intelligence counts.
security is smart
CTIIC will “connect the dots” between various cyber threats so departments and agencies are aware of these threats in “as close to real time as possible,” Reuters claims. Some of this information will be shared with the private sector.
If you think about the sheer number of departments, agencies and databases the US government runs (any one of which may be under attack at any time) then the value of this data may be a little clearer.
By combining information from lots of sources, the agency gains insights to enable it to predict security events, identify potential weaknesses, even to analyze traffic patterns to identify existing problems, threats and botnet attacks.
Enterprises can achieve the same with a CyberSOC. It can identify events that could signal a threat, such as port scanning, or a large number of requests from a single IP address. A combination of many of these suspicious activities can alert enterprises to a security problem that needs action.
Facebook has also launched a platform, ThreatExchange, where organizations can share information about the security threats they face in order to better fend off cyberattacks
Despite high profile security disasters such as those at Target, Home Depot or Sony, an astonishing 27 percent of companies still have no data breach response plan in place. There are signs that regulators are going to get involved.
For example, New York's Financial Services Department is planning targeted assessments of cyber security preparedness at insurance firms following the recent attack on health insurer, Anthem, in which the personal data of 80 million customers was compromised.
Digital transformation is driving development of new business, customer service, supply and sales software solutions, creating new threat vectors business leaders must protect.
In order to prevent your company falling victim to these many security threats, we suggest a number of steps to consider:
- The usual rules apply. Data encryption should be the norm. Passwords should be robust. Employees should be made available of the dangers of spear phishing. Security starts at its weakest point – some security firms recommend incentive-based schemes to encourage good security practice among employees.
- Enterprises should use industry standard protection, such as whitelisting applications on critical systems, multifactor authentication, intrusion detection and infection prevention tools.
- Ensure every machine on your network is appropriately protected – if you can’t secure it with strong protection, quarantine it from your core. (The 2013 Target attack saw attackers penetrate 97 different zones within the company network by “moving sideways through the organization”. FireEye has identified large numbers of APT insertions in which attackers are already inside enterprise networks.)
- In Canada a company called Camouflage replaces confidential data in files that don’t need it with fictitious but usable data, so attackers believe they have something valuable.
- To neutralize and identify attacks, some firms are developing security “honeypots”, fake computers loaded with fake data.
- UK firm Darktrace monitors enterprise networks to detect abnormalities that might be an attack. Those firewall and activity logs may well reveal probes against your security protection.
- Non-reproducible encrypted and self-destructive email systems are also being developed.
- Israeli start-up, Team8, is taking a proactive approach to security protection, developing systems to address flaws as it identifies them and then creating and shipping products designed to patch those problems.
Find out more about the Orange Business Service CyberSOC, a service that provides intelligent security awareness, analyzing information from multiple sources across the world. Read how you can achieve an intelligence-led approach to security in this article.