Date: 2022-12-26

Cybersecurity has always been a strategic business enabler. The difference today is that in a post-pandemic world, where organizations are struggling to wrest competitive advantage and battling continued business uncertainty, even the C-suite gets it. An August 2022 PwC study compiled from interviews with over 700 US execs found cyber ranked as the number one business risk – higher than talent acquisition, inflation and rising production costs.

An effective cyber threat intelligence strategy could be the difference between managing this risk successfully and letting malicious adversaries retain the upper hand. But even organizations well supplied with internal data feeds may struggle to obtain the detailed and contextualized external threat information they need to make faster, better informed security decisions. This is a challenge that spans industries and regions. Fixing it will require a similarly expansive and inclusive approach.

The Value of Threat Intelligence

A concerning imbalance is emerging between network defenders and attackers. On the one hand, security teams are understaffed. The global shortfall of professionals is estimated at 3.4 million, according to (ISC)²’s 2022 Global Workforce study. They’re also struggling, particularly inside the security operations center (SOC), where a myriad of siloed point solutions sap productivity, create visibility gaps and spit out an overwhelming volume of alerts. Research confirms that 70% of SOC teams are suffering emotionally as a result.

This comes amidst a flurry of spending on digital transformation both during and after the COVID-19 pandemic. It may have been necessary to support hybrid working, enhance business processes and create new customer experiences, but it’s also expanded the corporate attack surface. Over two-fifths of global firms believe this environment is “spiraling out of control.” With newly published CVEs on track to hit another all-time high in 2022, it’s easy to see why.

On the other side, threat actors continue to innovate. The ransomware-as-a-service (RaaS) model is thriving, earning participants billions of dollars annually. Fraud is also peaking on the back of stolen data, with 2021 another record year for scammers in the US. Plus, as the worlds of cybercrime and nation-state actors continue to merge, emboldened state actors are broadening their sights. It’s bad news for consumers, companies and governments.

Yet threat intelligence offers a rare opportunity to level the playing field with an agile, determined and increasingly well-resourced adversary. Whether it’s strategic, tactical or operational intel, it promises to unlock greater understanding of threat actor motives, targets and behaviors, with which to drive a more proactive security strategy. In this way, it could help everyone from senior executives making high-level strategic decisions to SOC teams looking to prioritize alerts, and from fraud teams looking to give customers early warning of data theft to operational teams who want to prioritize CVEs for patching.

The strategic importance of threat intelligence is such that President Biden’s Executive Order in May 2021 includes a lengthy mandate designed to remove information sharing barriers between contracting IT/OT service providers and the federal government.

Collaboration Considerations

Best-practice threat intelligence should involve gathering and processing data from a wide variety of sources. These could range from government bodies to non-profits, academia, industry vendors and sector-specific bodies like Information Sharing and Analysis Centers (ISACs). The data they hold might vary a great deal – from high-level white papers and presentations to more technical details like attacker tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs).