Computerworld

Is cyber threat intelligence emerging as a “vital” security approach?

Managing cyber security on an internet that was never designed to be secure poses a significant challenge for organisations.

New frameworks are needed to address cyber space’s unique characteristics and environments. Cyber threat intelligence has emerged as a vital approach to designing an effective security regime.

Dr Malcolm Shore, technical director, BAE Systems Applied Intelligence, says IT can no longer be protected by implementing a standard set of security controls.

“It is sobering to realise that the most prevalent security controls standard was originally developed in the early 1990s: 25 years ago and prior to the internet as we know it,” Dr Shore adds.

“Given the changes that have occurred since then, it’s no surprise that these controls are no longer adequate.

“There needs to be much more emphasis on the new approaches such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework if we’re to keep pace with our adversaries.”

With cyber space increasingly looking like a battlefield, Dr Shore believes cyber threat intelligence is vital to designing an effective security regime.

For Dr Shore, this means knowing who is attacking you, what their motives are, and how they execute their attacks.

The value of cyber threat intelligence lies in its ability to change an organisation’s posture from being reactive, responding to attacks when it’s breached, to being proactive, where cyber security defences are tuned to expect and deflect attacks.

For Dr Shore, cyber threat intelligence comes in two forms: operational and strategic.

Operational intelligence consists of data that can be used to configure cyber defence equipment such as intrusion detection devices.

Strategic intelligence is defined as knowing and understanding the potential threats and how they may affect the organisation. Both are essential for delivering effective protection.

Organisations can start to understand their adversaries by mapping the adversaries’ past activities and capabilities, historical and current affiliations, their readiness and objectives, and future ambitions.

According to Dr Shore, this lets companies set informed priorities for cyber defence investments, and respond faster and more effectively in the event of an incident.

“Cyber attacks are rarely carried out without clear motivation or as a single action, so one of the key goals of threat intelligence is to anticipate them,” Dr Shore says.

“So successfully defending against contemporary attacks requires a focus on new areas of cyber security including threat intelligence.”