[CAVIE-ACCI] In many ways, cyber defense is similar to boxing. You gauge the risk, anticipate the attack, decide how you’d defend and try to outsmart the hackers. What if you have a special technique where you can hear the hacker’s thoughts, smell his or her fear and predict the next move? You’d likely emerge the winner.
Cyber intelligence would help you do just that — you receive signals on an impending breach with insights on questions like: Who are the hackers? Why are you on their target list? What is their motive? When do they plan to strike? How will they do it?
With those answers, you can have clarity on your external threat landscape, and you can adjust your defense strategies to counter the unseen enemy. To do so, you need to blend cyber intelligence into cyber strategy, policy, security operations and people development.
Strategic Cyber Intelligence
Strategic Cyber Intelligence should answer a key question : do you have the right information and insights to provide to the senior leadership to help them evaluate cyber risk?
Strategic intelligence seeks to understand who the adversaries are, their motive, intention and potential impact.
Here are a few things you can expect from strategic cyber intelligence
- A deep understanding of emerging external threats and their impact on business continuity.
- The cybersecurity risk spectrum the organization is currently operating in (for example, critical, high, medium, low).
- Awareness of key assets and prioritizing their value to the organization.
- Ability to identify confidentiality, integrity and availability risks on your data and systems.
- Legal liability in case the risk materializes.
Here are a few tips about how to apply strategic cyber intelligence strategies
- Embed a risk-based approach in business decision-making by quantifying the organization’s digital asset, data and information flow.
- Use real-time insights to ensure your cybersecurity strategy stays agile and always relevant to the current business climate.
- Have a deep knowledge of the external threat landscape. This should be at the core of an organization’s business risk management and can be a tool to trigger a change in business priorities and drivers.
Management Cyber Intelligence
Management intelligence will give you insights into the readiness of your cyber perpetrators to launch an assault and inform you if you have the right controls to fend off the attack. Intel here will address what are the crown jewels and assets which are of interest to hackers. Here, the intelligence provided will answer this question : do you know your crown jewels and the core processes supporting them?
Here is what you can expect from management cyber intelligence
- Mature cyber processes to meet business objectives.
- Controls, process maturity and gaps identified to protect against cyberattacks.
- Validation of the effectiveness of security controls.
- An understanding of the digital assets, data and information that you need to protect.
- Knowledge of attack vectors that can compromise your crown jewels.
- The people, process, technology and policy needed to defend against cyberattacks.
Here are a few ways to apply management cyber intelligence
- Enable the organization’s business leaders to gain an understanding of the risk and impact of a potential breach.
- Identify remedial controls needed to contain risk and track its effectiveness.
- Support your cybersecurity program and provide a path forward to cybersecurity maturity.
- Be aware of the potential impact due to changes in your external threat landscape.
- Optimize resources and capabilities.
Tactical Cyber Intelligence
Tactical intelligence will help you drive security controls efficiently. You need to be aware of the latest cyber criminals attack methods, tools and techniques. The questions that this view of cyber intelligence needs to answer are: Do you know your attack surface? Are your cybersecurity controls effective against the external threat landscape?
Here are a few things you can expect from tactical cyber intelligence
- An understanding of which individuals and digital assets could be at risk and their corresponding impact on the organization.
- An understanding of the path of attack that an adversary can use to launch a campaign targeting you.
- Insights into tactics, techniques and procedures cybercriminals would use to execute cyber attacks.
- Knowledge of your security controls and their effectiveness and efficiency.
Here’s how to apply tactical cyber intelligence
- Guide threat analysis by ensuring intel can be ingested into the SIEM and SOAR to bolster the organization’s cyber defenses.
- Help the security operations center make “real-time” or “near real-time” decisions to defend against cyberattacks.
- Enhance security controls and improve operational efficiency by providing technical specifics around a cyberattack.
- Validate the effectiveness of security controls and of processes.
- Optimize resources to solve the most critical vulnerabilities.
The cybersecurity boxer uses all three types of intelligence so that even if a southpaw attack occurs, he or she is ready to return with a right hook, followed by an uppercut. Our boxer would have gathered insights into the opponent’s strengths and weaknesses, predict the next move and adapt defense on the fly. Our boxer is ready to take the championship with a resounding knock-out.
To build a strong cyber posture, let’s remember to float like a butterfly and sting like a bee.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?