An Intel-driven Approach to Cybersecurity and Why You Need It


The roots of cybersecurity go way back to when it was just about trying to protect organizations against viruses, trojans, and worms. The same viruses attacked all of us, and once we understood the attack, we could figure out ways to prevent it and apply those preventions across the board.

Fast forward to today: applying basic hygiene techniques and doing what everyone else does is just not good enough against modern attacks targeted at specific businesses. Hackers are now tailoring their attacks and making them unique to each victim. This has led to an evolution within the space where ticking off the base checklist is no longer the end game.

I’ve tried explaining this with a simple analogy in my book ‘Facing Cyber Threats Head On: Protecting Yourself and Your Business.’ Stopping a virus is like playing chess on a computer – figure out the right moves to win and those moves will work every time going forward. However, with targeted attacks that are tailored and dynamic, it is like playing chess against grandmaster Bobby Fischer. We are no longer stopping computer programs. We are stopping people.

To address this new challenge, organizations need to create a dynamic layer of defenses that can be controlled and adjusted quickly. They also must understand the attacker and what they are doing within their environments or even within others’ environments. That way, they can understand some of the techniques, tactics, and procedures used by the attackers, and then adjust their defenses appropriately. A specific attack would have to face a set of dynamic defenses that no one else has.

Intelligence-driven Detection and Response Cycle

Targeted attacks are expensive and fairly difficult to pull off, but with the consumerization of technology, what is expensive and hard to do eventually becomes cheap and easy. These attacks have been limited to well-resourced attackers, usually nation-states. However, they are becoming cheaper and easier. We're starting to see organized crime execute targeted attacks with ransomware using techniques that were previously seen in nation-state attacks.

This changing cyberattack scenario demands a sense of proactiveness in understanding the attackers, what they are doing, and where they are doing it. That means tracking them not just within your environment, but also inside others they may be attacking, and then using that intelligence to adjust your defenses. This is where the threat intelligence piece comes in – having solid intel capability to direct your defenses. This is the essence of intelligence-driven detection and response.

It is key to think of intelligence as a cycle – the more you know about the attacker, the more you catch. The more you catch, the more you know. This cycle feeds itself.

Where to start and how to proceed?

My book is an effort to help business leaders understand the cybersecurity challenges that organizations face today. They need to know how to approach these challenges.

Here are a few focus areas:

  • Meet the minimum compliance requirements and frameworks

  • Use the best security software and third-party packages to stop common attacks and knock down the noise (99% of what your organization will face is noise)

  • Focus on the top 1% of targeted attacks coming into your environment

If you are a key decision-maker, you should start off by understanding the regulatory and legal requirements of your business -- know your regulatory environment and the expectations your industry is held to. This is the baseline that defines the minimum requirement for your Information Security Program.

The next step is to understand your threat landscape. Do you have something unique that the attacker wants (for example, intellectual property) or do you have the same thing other companies have (for example, personally identifiable information)? In other words, do you have a bunch of buddies running from a bear or are you the only one running from the bear?

The answer to this question will help gauge how determined your adversary may be and therefore, how much you may have to invest in your defenses. It can be as deep as having a dedicated threat intelligence organization, or you can look for a partner who has the capabilities to address the problem and bring scale. A provider can bring in well-trained people who are constantly in the fight.

At the end of the day, regardless of your regulatory expectations and your threat landscape, an intel-driven approach is what you need to play chess against a human.

About the Author

Brian Minick is the Chief Information Security Officer at Fifth Third Bank, responsible for the company’s information protection program. Focused on protecting the customers, employees and information of a bank with over $140 billion in assets, Minick and his team are implementing and maintaining programs and solutions designed to take advantage of the latest IT technologies and capabilities. Minick oversees the implementation of security strategies that require multi-industry collaboration, regulatory compliance planning, and management of infrastructure obsolescence. He brings 20 years of diverse information technology and cybersecurity leadership and experience to this position. He is a noted speaker and published author on various cybersecurity topics.

The views expressed in the article are his own and do not necessarily represent those of the organization.

CDO Magazine
www.cdomagazine.tech