The Cyber Toolkit for Boards, one of the key resources from the National Cyber Security Centre (NCSC) designed to help board members govern cyber risk more effectively, highlights a threat-led approach to cyber risk management as best practice for organisations.
“Understanding the threats faced by your organisation will enable you to tailor your organisation’s approach to cybersecurity investment accordingly. You need to prioritise what threats you are trying to defend against; otherwise, you risk trying to defend against everything and doing so ineffectively.”
Taking a cyber threat intelligence approach to cyber risk management provides a vast range of benefits to organisations of all sizes and in all sectors. In many sectors, such as critical national infrastructure (CNI), it’s vital. It enables SecOps teams to:
- Respond to new and emerging threats quickly and appropriately.
- Focus their attention on key areas for improvement or remediation, maximising the productivity of limited resources.
- Communicate risk clearly and accurately across the organisation and build a culture of risk awareness and management among staff.
- Minimise risk within the organisation’s IT security environment and optimise overall cyber posture.
The NCSC recommends that all organisations consider acquiring a deeper level of threat intelligence, but this is particularly important for larger organisations with more complex IT infrastructure.
Traditionally, cyber threat intelligence was aimed primarily at the Security Operations Centre (SOC) within an organisation and used by teams responsible for monitoring, analysing, and responding to cybersecurity threats. SOC analysts are well practised at analysing the information from threat intelligence feeds and turning this into proactive defence measures or actionable context for threat hunting.
Modern cyber threat intelligence, now far more consumable than it once was, is being used across the organisation to apply contextual intelligence to areas including:
- Third-party supply chain management: CTI is being used by organisations to improve the overall security and resilience of supply chains. In the wake of high-profile supply chain cyber attacks, such as the late 2020 SolarWinds attack, organisations have realised supply chain vulnerabilities present a significant security and compliance risk. Through due diligence, risk assessment, vendor selection, and even security training, CTI is now a core tool used to secure and monitor the supply chain ecosystem.
- Brand reputation: Teams responsible for managing brand reputation are also utilising CTI data to take a more proactive approach to monitoring and protecting brand assets. The real-time nature of CTI means it can be used as an early warning system to identify threats to brand reputation, from negative discourse on social media to brand impersonation on phishing websites. CTI can also be a valuable asset for competitor analysis and compliance monitoring.
- Dark web mentions: Organisations need to know immediately if their data is being sold on the dark web. CTI-based dark web monitoring can identify discussions, activities, and data dumps that relate to your brand but that would not be visible or accessible in public forums. CTI helps you better understand hidden or underground threats and will immediately alert you if a group or individual is selling your organisation’s information, your customers’ personally identifiable information (PII), supplier information, or any other related information with the potential to damage your brand reputation.