The space remains rarefied. Common focuses of strategic intelligence include historical trends, motivations, or attributions as to who is behind an attack. This level of intelligence enables information security teams to identify patterns in attacks, from which logical system rules can be developed that can then detect specific indicators of malicious activity. There remains no doubt that, behind the curtains of the military-industrial complex, the science of intelligence may have already advanced to such vaunted levels.

Warding off cyberattacks that are increasingly focused, targeted – and successful.

All of this makes strategic intelligence a solid starting point for deciding which defensive measures will be most effective.

Provides a reference material for analysts to interpret and extract context for use in defensive operations.

It is an approach which has been questioned and even debunked by experts. Strategic Threat Intelligence Devising and constructing defences takes time, and cyber criminals are winning the war against businesses. However, it is most likely that any emerging data models in this space would be subsumed by governments, blanketed by the geopolitical compulsions around secrecy and sensitivity. Focuses on assessing and mitigating current and future risks to businesses. It calls for the creation of completely new intelligence taxonomies and ontologies, fusing the technical grammar of cyber operations with the vocabulary of international relations. Strategic threat intelligence is invaluable, incorporating expert opinions and insights that are based on aggregating both operational and tactical intelligence from known cyber attacks. Even the enterprise defenders have long acknowledged and writhed under David Bianco’s now legendary “Pyramid of Pain.” Yet, the dynamics of the CTI industry are such that they sometimes introduce more architectural and commercial constraints when it comes to creating strategically minded paradigms. Questions such as: will bringing in additional security solutions really give that much more additional protection? By leveraging this data, organisations are better positioned to trade punches with tomorrow’s threats.

Espionage, crime and power projection fuse together in cyberspace. In order to sustain a strong security posture, an organisation must develop and answer questions specific to the business, many of which must be answered continually as situations and environments evolve. Nonetheless, sustained, broader and over-the-horizon techniques can thwart threat actors which are only a blip on the radar of tactical CTI vendors when they regroup and resort to specific kinds of activity.

Why are you within scope for an attack? It also tricks customers into subscribing to intelligence that is completely irrelevant or non-contextual to their threat perception. The hybrid, below-threshold nature of modern conflict has brought non-combatants and industries directly into the crosshairs.

Before delving further into the problem, it must be understood that the kind of strategic intelligence that is being talked about here is not an overkill for a regular, run-of-the-mill defender. By deconstructing behaviours, traits and procedures spanning many cyberattack campaigns – rather than narrowing the visibility to just an ongoing attack – strategic intelligence methodically derives the actors’ limitations including finances, targeting criteria, operating structures, operational fluctuations, geopolitical imperatives, mission incentives, and boundaries of knowledge. Targeting trends for industry sectors and geographies, Major attacker Tactics, Techniques and Procedures (TTP) changes over time, Attribution for intrusions and data breaches, Mapping cyber attacks to geopolitical conflicts and events (South China Sea, Arab Spring, Russia-Ukraine), Global statistics on breaches, malware and information theft, Carrying out a thorough risk analysis and review of the entire technology supply chain, Informing your executive leadership about high risk threat actors, relevant risk scenarios, and threat exposure in the public-facing technology sphere and criminal underground, Learning which commercial ventures, vendors, partners, and technology products are most likely to increase or decrease risk to your enterprise environment. A further look into Strategic Threat Intelligence. Is updating each and every legacy system worth the cost? Here’s an archived version: https://web.archive.org/web/20200730233821/https://www.scmagazineuk.com/understanding-strategic-threat-intelligence/article/1685804.
Ever since Mandiant broke the veritable geopolitical glass ceiling with its report on APT1, the industry has been on an unending quest to reach the holy grail of CTI: its strategic dimensions. On the other hand, well-endowed organisations such as signals intelligence agencies, defence services and top-tier companies have adopted models which are in complete contrast to the approaches of the industry. What can you do to reduce your risk profile? Who are my enemies and how might they attack me? The original link seems to have died. Fine-tuning defences around attack-centric threat models. As defined by Gartner, it is “evidence-based knowledge…about an existing or emerging menace or hazard…to inform decisions regarding the subject’s response to that menace or hazard.” Essentially, threat intelligence provides you with curated information to inform you about potential malicious activity and helps you make better decisions about how to prevent bad things occurring to you or your organisation. This gives insight into the following: For example, if you are in the education sector, you may wonder what nation states and threat actor groups you should be concerned about, or where you need to focus your resources to reduce risk of an intrusion and theft of intellectual property. People now advocate “Assume Breach,” bringing down the dwell-time, and decreasing the incentives while increasing the costs for the adversary.
With strategic intelligence, you can answer questions like who is attacking your organisation and why?

Its rinse-and-repeat cycle ends as soon as minimal credible visibility over the ongoing attack campaign is gained, and then the focus shifts. Driven by a highly competitive environment, vendors provide millions of atomic threat indicators, which sound impressive but carry little practical value.
Written for the SC Magazine. From Lazarus and APT28 to APT39 and Winnti, we are witnessing the brazen expansion of the remit of the threat actors as their offensive toolchains keep on harnessing the institutional memory of generations of regimented cyber operators.

Who are my enemies and how might they attack me? Threat intelligence helps organisations to tackle these questions and make more informed decisions with context. Indicators are often changed quickly though, meaning that it is important for operational and strategic intelligence to also be incorporated into decisions. Such organisations focus on curating strategic CTI which is more adversary-centric than attack-centric. It has become an indispensable accessory to the conventional enterprise architecture and is largely driven by the following imperatives: Anticipating the ever-evolving threat landscape.

Legendary threat researcher Juan Andres Guerrero-Saade of Google Chronicle has laid the ideological testbed for what is called “Dynamic Threat Actor Profiling.”

CTI feeds do sacrifice depth for scale. Helps fuel meaningful detection, incident response and threat hunting programs. In March 2020, Booz Allen Hamilton released a fascinating dossier analysing the cyber operations of GRU, the Russian military intelligence agency, spanning 15 years. What major trends are happening? The good news is that the industry has slowly albeit reluctantly veered towards introducing a semblance of interoperability and collaboration into the CTI ecosystem. It is often the case that the attack infrastructure related to one actor gets misattributed to the other; and the real intent or motive of a cyberattack remains shrouded in mystery due to hurried misjudgements. Supplying a steady stream of intelligence datasets and feeds to in-house systems to bolster tactical situational awareness. There are generally three ’levels’ of cyber threat intelligence: strategic, operational and tactical, which serve different functions.