In addition to training employees and auditing important system changes, the use of global threat intelligence services can prove to be an invaluable contribution to your cyber security arsenal. Global threat intelligence provides you with an ongoing stream of information about current or potential cyber threats – both internal and external – which you can use to update your current strategy and tools.
According to The SANS State of Cyber Threat Intelligence Survey:
- 6% of respondents said they do not use threat intelligence (TI)
- 71% claim that threat visibility improved using TI
- 58% claim that TI has helped them respond to threats faster and more accurately
- 54% have said that TI has helped them detect threats which they were previously unaware of
- 48% claim that TI has helped to reduce the exposure of their sensitive data
- 39% claim that TI has helped minimize the damage caused by cyber-attacks by adopting more intelligent defence protocols
- 48% claim that TI has allowed them to reduce the number of incidents through early prevention
As you can see, threat intelligence services can be very useful. However, if you are thinking about taking advantage of TI, there are some things which you may want to consider before doing so.
Firstly, according to the report, most organisations are not able to use more than 100 threat indicators per week. The fact is that accurately analysing and responding to TI threat indicators requires a large number of highly skilled personnel. Firewalls and other endpoint security tools will need to be updated according to the information that TI services provide, and this can be a time-consuming task.
Not only that, but there’s also the danger that security staff spend so much time sifting through the flood of threat data that they get distracted from some of the more basic security tasks. If you are going to pay for a TI service of some kind, you must have the necessary resources to quickly and accurately interpret the data it provides.
At the end of the day, while such services can be useful, the majority of security risks boil down to human error in some way. For example, the majority of security incidents relate to things like ransomware, insider misuse, lost or stolen devices, etc. As such, organisations would be better off investing their resources in security training, and ensuring that they are able to accurately determine who has access to what data, where and when.
Before you even think about using a TI service, you should first consider investing in a suite of tools which monitor the activities associated with your own staff. For example, solutions such as LepideAuditor enable organisations to detect, alert and respond to changes made to their sensitive data. This includes monitoring access permissions, suspicious file and folder activity, mailbox abuse, managing inactive user accounts, rotating passwords, and a lot more.