Sometimes it's just plain hard to tell if your security team is really on top of things. They certainly seem to be, as they go about plugging security gaps, carrying out important-sounding procedures, and educating the rest of the staff about the dangers out there.
But your company's information security is a critical aspect of your business, and you have to be sure that your team is doing everything possible to safeguard business-critical data.
So how do you go about that?
The best way is to guarantee that their actions are guided by the appropriate threat intelligence. To be sure that they're actually receiving that threat intelligence, compare their performance against the three warning signals outlined below.
They're Unsure About Your Own Data Leakage
The first area of threat intelligence needed by your team is information about any possible data leakage from your own company.
There is an alarming amount of proprietary company data that finds its way onto the Internet without any kind of internal awareness. That could be information about company executives or managers, logins, passwords, account information, and even sensitive or confidential data. Another big part of this is whatever information is leaked out inadvertently through social media.
It all seems so harmless, chatting and exchanging information online with 'friends', but you can never tell who's watching and recording important company data in those harmless exchanges.
Legitimate threat intelligence could be gleaned by your security team simply by regularly polling social media for any mention of your company's name, and by routinely checking the most common data dump websites.
This would allow a much quicker reaction to any potential leaks, and would tell your team which internal sources of leaks are in need of education about security risks and procedures.
They're Constantly Being Reactive Instead of Proactive
If your team is spending a significant amount of their time and effort putting out fires, they're already losing the battle. Good threat intelligence would put them ahead of the game, proactively implementing security procedures rather than reacting to the latest attack.
In this case, threat intelligence involves having a good idea of how and where cyberattackers will carry out their assaults. By knowing the likeliest areas of attack ahead of time, more effort can be spent shoring up those vulnerable areas to reduce the chances of an intrusion.
For instance, if your team were to conduct a comprehensive assessment of recent cyberattacks, they might find that attackers have been focusing their efforts on the Dynamic Domain Name System (DDNS). Having learned this, your security team can develop and implement a DNS response policy zone which would create the necessary protections against access from known suspicious IP addresses and domain names.
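To make the response policy zone idea concrete, here is an added example (not from the original article) that turns a list of suspicious names and addresses into RPZ records. The indicators are constructed, and the zone name `rpz.corp.example` and the allowlist are assumptions.

```python
import ipaddress

# Constructed indicators: documentation address ranges and reserved names only.
SAMPLE_INDICATORS = [
    "Bad-Host.ddns.example.",   # dynamic-DNS hostname from a feed
    "bad-host.ddns.example",    # same name again after normalisation
    "192.0.2.45",               # single suspicious address
    "198.51.100.0/24",          # suspicious network
    "intranet.corp.example",    # our own name: must never be blocked
]
ALLOWLIST = {"corp.example"}    # hypothetical protected suffixes


def rpz_owner(indicator):
    """Return (owner_name, is_ip) for one indicator, relative to the RPZ zone."""
    try:
        net = ipaddress.ip_network(indicator.strip(), strict=False)
    except ValueError:
        name = indicator.strip().rstrip(".").lower()
        if not name or any(not 0 < len(l) <= 63 for l in name.split(".")):
            raise ValueError(f"not a valid name or address: {indicator!r}")
        return name, False
    if net.version != 4:
        raise ValueError("IPv6 triggers use a different encoding, not handled here")
    # rpz-ip trigger: prefix length, then the octets in reverse order.
    octets = str(net.network_address).split(".")[::-1]
    return ".".join([str(net.prefixlen), *octets, "rpz-ip"]), True


def build_rpz(indicators, zone="rpz.corp.example", serial=1):
    """Render a zone file in which every trigger answers NXDOMAIN (CNAME .)."""
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    seen = set()
    for indicator in indicators:
        owner, is_ip = rpz_owner(indicator)
        protected = not is_ip and any(
            owner == s or owner.endswith("." + s) for s in ALLOWLIST)
        if owner in seen or protected:
            continue
        seen.add(owner)
        lines.append(f"{owner} CNAME .")
        if not is_ip:
            lines.append(f"*.{owner} CNAME .")  # cover subdomains too
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_rpz(SAMPLE_INDICATORS))
```

The generated zone takes effect only once the recursive resolver is told to use it as a policy zone, for example through BIND's `response-policy` option.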
While this is only a single example of how good threat intelligence can turn the game around for your team, keep in mind that implementing a whole series of these safeguards just might put your team in a proactive position, rather than constantly playing catch-up.
If your team had a thorough knowledge of the most current tactics, techniques, and procedures (TTPs) being used by cyber-criminals, they would be able to get out in front of threats, instead of reacting to them after they've already happened. Not only can this reduce or prevent the damage from attacks, it's a much more effective allocation of personnel resources, as well as the time they spend on security issues.
They're Obsessed with Phishing
It used to be that no one in the C-suite even knew what you were talking about when you mentioned phishing, or they wondered why you were talking to them about your next fishing trip. Thank goodness we've progressed beyond that phase, and pretty much everyone is aware of what phishing is today, and how it can be one of the most serious security threats for any company.
In fact, cyber-attackers have taken their game to the next level with phishing attempts, and have become much more sophisticated as they troll for weak points in a company's security shield.
No one questions that steps need to be taken to educate all company employees about this danger, and that sound defensive measures must be implemented to protect against the threat. But let's face it - phishing is far from the only threat out there, and if your security team is spending way too much time and effort on phishing, chances are they're overlooking several other vulnerabilities which are lurking.
TTPs: If your security team were to be mindful of tactics, techniques, and procedures used by cyber criminals, they would of course be aware that phishing is definitely a favored tactic, because exploiting human weakness is sometimes considerably easier than penetrating sophisticated security software and other protections.
Threat intelligence: In this area, though, it needs to go beyond simply knowing about phishing - it has to include knowing about the extent of this kind of threat to your company.
Being proactive in this situation involves implementing an ongoing program of employee education, and encouraging them to come forward about phishing attempts, so threats can be nipped in the bud.
Being proactive might also include installing honeypots on the company network to identify and deflect attempts at unauthorized usage of company computing assets.
There are two things which should be borne in mind about phishing attempts:
first, have your security team be as proactive as possible about fending them off, and
secondly, don't get overly obsessive about phishing. While phishing is undoubtedly a serious threat to your company's security, it certainly isn't the only one, and your team shouldn't be so focused on phishing that they overlook all the other threats out there.
Knowing About Threats Must Lead to Action
Threat intelligence is absolutely crucial, no doubt about it. But unless that threat intelligence is used to guide your security team's preventive actions, it has very little value at all. When the appropriate personnel in your company are provided with the threat intelligence they need to be effective, all kinds of proactive measures can be taken to help safeguard your company's information assets.
To make sure your security team gets the information they really need, there should be a continuing exchange between management and the team, so that the time and money needed to gather that crucial intelligence can be budgeted.
When your team receives regular information about the most current and dangerous threats of the day, they can then become a proactive force for your company's data security.