Questions related to how security leaders can create the best threat intelligence programs for their organizations were recently covered in an episode of Cyber Security America with our own Deep, Josh Nicholson, who serves as Vice President of Professional Services & Customer Success at DeepSeas. While there are many questions an organization should address when adopting a threat intelligence program, below are three of the many that Josh answers in his podcast episode linked below.
1. How should our organization utilize threat intelligence?
Your threat intelligence program should be utilized in a way that directly promotes your organization’s mission. When you build a threat intelligence program to focus on a mission, your team, your organization’s leadership, and your Board of Directors is going better comprehend what you’re doing and understand how it directly affects business objectives.
2. What benefit does a threat intelligence programs have in a modern-day enterprise?
Think about how many missed the aggression that we saw come into Ukraine. All of the signs were there, but how many organizations were caught flat-footed when Russia invaded? Multinational enterprises had offices affected and there was activism targeting their senior executives. Many didn’t have a plan to address what should happen if a break off from network communications within Ukraine or even within Russia occurred. Even companies not operating within countries affected weren’t prepared with intelligence to inform how to quickly respond to a massive geopolitical event with a Playbook.
Nevertheless, this aggression was years old before the invasion. Part of the problem with having too much of a focus on bits and bytes when leaders say the word “cyber,” is that they forget that a threat intelligence program is what gives insight into people behind keyboards. There are nation states influencing their decisions and actions, which have an entire geo political impact. Your organization will benefit from a holistic approach to cyber security that leverages technology but also takes into account people and threat intelligence, because it will help your organization know what’s going on in the world and how it’s going to affect you next week, in the next year, and during the next decade.
3. What should we focus on if we don’t know where to start?
It’s important to recognize that most organizations won’t set off to build the best threat intelligence program internally, because it requires a depth and breadth of expertise that organizations don’t want to continually support as an in-house capability. But, if you’re the head of security and want to start thinking about adopting a threat intelligence program, the first most important step is figuring out where to get good information and how to inform your workforce in a way that reduces your attack surface as much as possible. Second, you’ll want to get an understanding of your actual landscape. A lot of security leaders may be tempted to read headlines and believe that every big headline in major publications could be a top problem, but that’s not true.
Rather than reacting to headlines, a threat intelligence program through DeepSeas leverages the military concept of threat landscape and leads you to a critical step in the process, which is intelligence preparation of the battlefield. This preparation will show you where your organization is on the map, who your peer organizations are, what’s hitting them, what has hit them historically, and what tends to affect your industry vertical industry. When getting started with a threat intelligence program, it’s critical to pay attention to where you fit, what assets you are charged to protect, and who could be targeting your organization specifically.
Tune into the Cyber Security America podcast to continue learning more from Josh and his guest from DeepSeas about the markers of the best threat intelligence programs in the world and how they can benefit your organization.