Supporting a Back-to-Basics Approach with Cyber Threat Intelligence

Cybersecurity is one of the leading boardroom issues. If data is corrupted, deleted, or encrypted with ransomware by hackers who demand a fee to provide the unlock code, a targeted cyber-attack can cause chaos for an organization – financially and reputationally.  

Indeed, a report by global insurer Lloyd’s of London said that attacks on computer operating systems run by a large number of businesses around the world could cause losses of $28.7 billion in terms of their financial, economic and insurance impact. As such, we’re seeing an increase in customer demand for services which ensure they can properly defend themselves from attacks which have the potential to put them out of business.

One way of addressing this growing concern is through the use of Cyber Threat Intelligence (CTI). 

What is threat intelligence? 
In recent years, there has been a misconception that threat intelligence is a flood of IP addresses, domains and hashes, meaning businesses struggle to cope with the volume of information or aren’t at the right maturity level to understand it and use it to their benefit.

Instead, CTI can be defined in many different ways. Whilst it can simply be a threat feed, threat intelligence can also be an invaluable early warning system in helping to identify and block potential threats before they escalate and become problems.

Because we recognize the value of threat intelligence, at Fujitsu we routinely catalogue daily spam campaigns to derive intelligence, enabling a proactive understanding of the threat landscape, which means we can offer rapid protection.

In fact, at the end of last year, we uncovered a number of ransomware campaigns which delivered a family known as ‘GlobeImposter’. This variant of ransomware was delivered by the Necurs botnet, which is also known to deliver a large number of banking Trojans such as Dridex and Trickbot.

By spotting that threat and acting to block it, we were able to protect businesses and their valuable data. It was not about spotting a problem once it had hit. 

Why should organizations care? 
With GDPR around the corner, every single organization has an obligation to make data protection as much of a priority as it is for the public, who are regularly asked to hand over financial and other personal data.

This is especially true given that our latest report revealed that a fifth of the UK public believe cybercrime and hacking are the biggest challenges facing the UK today - above global economic uncertainty and the skills gap.

It can be challenging in any corporate environment to express the severity of a vulnerability as not only a technical risk, but also as a financial, human and business risk.

As such, threat intelligence can be as simple as providing guidance on ‘protecting’ using basic defenses such as patch management. Take last year’s NotPetya and WannaCry outbreaks as a prime example: the malware actually used an SMB vulnerability that simply needed patching.

If more organizations had used CTI then it is likely this would have been picked up many months earlier, helping to reduce the amount of trauma caused to many organizations during these attacks.

Adopting a more proactive approach
In the digital age where so much data is stored, reacting to attacks isn’t good enough. CTI is about utilizing constant monitoring and smart analysis to block a threat before it does any damage – rendering it harmless. 

Whilst customers are right to be worried about the next strain of cybersecurity incidents, combining vulnerability management with threat intelligence will be a great use case for protecting corporate environments.
