[BreachExchange] How To Defend Against Hackers: Three Cyber Intelligence Viewpoints
Destry Winant
destry at riskbasedsecurity.com
Mon May 3 10:29:14 EDT 2021
https://www.forbes.com/sites/forbestechcouncil/2021/05/03/how-to-defend-against-hackers-three-cyber-intelligence-viewpoints/?sh=6c4ee6fc2c91
Imagine you are in a boxing ring. Your opponent is masked and in a fighting
stance. You have been training for this day. The boxer throws a punch,
aiming for your jaw, and then a jab, and then another and another. Then,
when you raise your hand to a high guard, the boxer suddenly executes an
uppercut — this time straight into your belly.
In many ways, cyber defense is similar to boxing. You gauge the risk,
anticipate the attack, decide how you’d defend and try to outsmart the
hackers. What if you have a special technique where you can hear the
hacker’s thoughts, smell his or her fear and predict the next move? You’d
likely emerge the winner.
Cyber intelligence would help you do just that — you receive signals on an
impending breach with insights on questions like: Who are the hackers? Why
are you on their target list? What is their motive? When do they plan to
strike? How will they do it?
With those answers, you can have clarity on your external threat landscape,
and you can adjust your defense strategies to counter the unseen enemy. To
do so, you need to blend cyber intelligence into cyber strategy, policy,
security operations and people development.

Strategic Cyber Intelligence

Strategic Cyber Intelligence should answer a key question: Do you have the
right information and insights to provide to the senior leadership to help
them evaluate cyber risk?
Strategic intelligence seeks to understand who the adversaries are, their
motive, intention and potential impact.
Here are a few things you can expect from strategic cyber intelligence:
• A deep understanding of emerging external threats and their impact on
business continuity.
• The cybersecurity risk spectrum the organization is currently operating
in (for example, critical, high, medium, low).
• Awareness of key assets and prioritizing their value to the organization.
• Ability to identify confidentiality, integrity and availability risks to
your data and systems.
• Legal liability in case the risk materializes.
And here are a few tips about how to apply strategic cyber intelligence
strategies:
• Embed a risk-based approach in business decision-making by quantifying
the organization’s digital assets, data and information flows.
• Use real-time insights to ensure your cybersecurity strategy stays agile
and always relevant to the current business climate.
• Have a deep knowledge of the external threat landscape. This should be at
the core of an organization’s business risk management and can be a tool to
trigger a change in business priorities and drivers.

Management Cyber Intelligence

Management intelligence will give you insights into the readiness of cyber
perpetrators to launch an assault against you and tell you whether you have
the right controls to fend off the attack. Intelligence here identifies the
crown jewels and assets that are of interest to hackers, and it should
answer this question: Do you know your crown jewels and the core processes
supporting them?
Here is what you can expect from management cyber intelligence:
• Mature cyber processes to meet business objectives.
• Controls, process maturity and gaps identified to protect against
cyberattacks.
• Validation of the effectiveness of security controls.
• An understanding of the digital assets, data and information that you
need to protect.
• Knowledge of attack vectors that can compromise your crown jewels.
• The people, process, technology and policy needed to defend against
cyberattacks.
Here are a few ways to apply management cyber intelligence:
• Enable the organization’s business leaders to gain an understanding of
the risk and impact of a potential breach.
• Identify remedial controls needed to contain risk and track their
effectiveness.
• Support your cybersecurity program and provide a path forward to
cybersecurity maturity.
• Be aware of the potential impact due to changes in your external threat
landscape.
• Optimize resources and capabilities.

Tactical Cyber Intelligence

Tactical intelligence will help you drive security controls efficiently.
You need to be aware of cybercriminals’ latest attack methods, tools and
techniques. The questions that this view of cyber intelligence needs to
answer are: Do you know your attack surface? Are your cybersecurity
controls effective against the external threat landscape?
Here are a few things you can expect from tactical cyber intelligence:
• An understanding of which individuals and digital assets could be at risk
and their corresponding impact on the organization.
• An understanding of the path of attack that an adversary can use to
launch a campaign targeting you.
• Insights into the tactics, techniques and procedures cybercriminals would
use to execute cyberattacks.
• Knowledge of your security controls and their effectiveness and
efficiency.
Here’s how to apply tactical cyber intelligence:
• Guide threat analysis by ensuring intel can be ingested into the SIEM and
SOAR to bolster the organization’s cyber defenses.
• Help the security operations center make “real-time” or “near real-time”
decisions to defend against cyberattacks.
• Enhance security controls and improve operational efficiency by providing
technical specifics around a cyberattack.
• Validate the effectiveness of security controls and of processes.
• Optimize resources to solve the most critical vulnerabilities.
The cybersecurity boxer uses all three types of intelligence so that even
if a southpaw attack occurs, he or she is ready to return with a right
hook, followed by an uppercut. Our boxer would have gathered insights into
the opponent’s strengths and weaknesses, predicted the next move and adapted
the defense on the fly. Our boxer is ready to take the championship with a
resounding knock-out.
To build a strong cyber posture, let’s remember to float like a butterfly
and sting like a bee.