Listen to this article now
With so many threats flying around the digital ecosystem, it’s no wonder most companies are in a hurry to implement the latest and greatest cybersecurity tools. Case in point: threat intelligence. Basically, threat intelligence goes a step beyond cyber security to analyze threats so that your tech teams can manage them more efficiently. Done right, it can save your company tons of time and money by avoiding potential cyber crises. Unfortunately, most companies aren’t doing it right—and some still don’t understand what the term “threat intelligence” even means.
Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” To be fair, that’s a mouthful, which is probably why many companies are confused. In fact, I’m willing to bet most companies using threat intelligence shouldn’t be, at least not until they get a handle on their overall security needs and goals.
So where does a company begin to develop a smart threat intelligence strategy? I recommend starting with the steps below.
Differentiate Threat Intelligence from Cyber Security
Although they both try to do the job of protecting your company’s data, threat intelligence and cyber security are different beasts. As such, they require different skill sets—ones your current team may or may not have. As one writer put it, threat intelligence professionals are like scientists, whereas cyber security experts are like engineers. The first focuses on researching and making sense of huge amounts of data; the second works to apply it. Together, they’re a wonderful team. Apart—not so much.
Start Slow—and Grow Only if You See Results
Experts recommend that if you are set on launching a threat intelligence team, you should do it slowly—ramping up only when you’re able to see clear results from the data you gather and analyze. The goal of implementing threat intelligence is to support your cyber security teams, helping them sort and address the mass number of issues that threaten your company daily. After all, the Ponemon Institute’s study, “The Value of Threat Intelligence: A Study of North American and United Kingdom Companies,” showed that 70 percent of security professionals felt there was too much data to take action on it, and only 27 percent felt their companies were very effective in actually using the data to pin point actual threats. Before launching, be sure your cyber security and threat intelligence teams work together to define what a threat looks like for your company, how it will be classified, and how to measure the impact of preventing the attack.
Remember: Data Does Not Equal Intelligence
Being able to pull lots of information and trends from your cyber network will bring you piles of data—data that won’t mean anything if you don’t have someone there to synthesize it for a meaningful purpose. Says one writer, “[a]nalyzed data and information will only quality as intelligence if the result is directly attributable to business goals.” In other words, if you can’t answer the question, “How does this data help me run my company and serve my customers better?” you probably shouldn’t be implementing a threat intelligence program at all. Otherwise you’ll be spending a lot of money for data that isn’t doing anything meaningful for your company.
If you’re one of the many companies that has shied away from creating a threat intelligence team for your enterprise, props to you. Although you never want to be lax in your cyber security strategy, it’s important to make sure that every step you take is purposeful. Many of the companies utilizing threat intelligence today are spending lots of money with little impact—or else they’re using the term “threat intelligence” to describe an influx of threat data, rather than its meaningful analysis. Before starting one yourself, be sure to mind the steps above. It will save you lots of time and overwhelm—not to mention money that could be otherwise used to protect your enterprise.
Additional Resources on This Topic: