Cyber Threat Intelligence (CTI) is the discipline of obtaining and filtering information regarding the occurrence and assessment of technical, operational, and physical threats in global cyberspace. In short, it’s the way your organization knows what relevant digital threats are likely to come from outside forces.
Breaking Down Strategic Cyber Threat Intelligence
Strategic cyber threat intelligence focuses on defining relevant cyber threats to your organization based on your business model, technology or cloud strategy, and market or geographic location. Your strategic concerns may include cybersecurity targets in a potential new market or geographic hotspots, the purchase of new technology, or a SaaS partnership. Sources of strategic threat intelligence should be an active component of your security program and must consider the:
- Information available to your organization through a commercial CTI platform
- Internal technology or cloud services strategy
- Corporate growth and marketing plans
- Product and Service delivery roadmaps
Pulling Data from a Commercial CTI Platform
If you use a commercially available CTI platform, you should be receiving a consistent flow of general business threats from various third-party sources. It’s likely that you defined your business needs, tech stack, geography, and product risks with the CTI service vendor when you purchased the service. If that relationship is over a year old or you never set requirements, it’s time to revisit that contract in light of the four points above.
Using Internal Technology or Cloud Services for Risk Evaluation
If you don’t use a commercial CTI service, you’ll still want to establish business-based CTI requirements that consider these four points with your SaaS or MSP security services and internal network and incident response teams. Subscribe to or monitor the cisa.gov catalog and alerts or other sources such as the MITRE ATT&CK Matrix and evaluate them for your tech, locations, and product lines.
Planning for Corporate Growth
Once you’ve got the information flow down you’ll need to build a framework to keep your requirements current. As your business changes, so will your CTI risk, so set up process-based triggers to revisit and review your CTI sources. Your CISO and cybersecurity teams must be aware of and engaged in updates to internal activities and direction so that they can provide focus and priority to your strategic threat intelligence efforts. For example, if you change where you do business through new business development or acquisition, you’ll need to redraw your CTI landscape, too. Moving to the cloud version of your accounting software, ERP, or HR system will impact your cyber threat profile. It’s possible your company’s new product line may create new visibility and exposure to cybercriminal activity. Your cybersecurity framework should be flexible enough to accept business changes and stable enough to manage and mitigate the threats those changes bring.
Implementing Product and Service Delivery Roadmaps
Lastly, allow your threat horizon to expand beyond traditional security to include threats to data privacy and corporate ethics declarations. Cybercriminal activity isn’t limited to political or financial gain. Recent attacks on works of art and infrastructure in the name of climate change, wealth disparity, and ethical concerns are likely to find avenues in the digital world too. As a CISO, consider executive direction regarding investment plans and ideological responses to ethics and social responsibility. Consider the results of Privacy Impact Assessments (PIAs), Business Impact Assessments (BIAs) or other non-traditional sources of technical information such as ethics audits or quality and compliance reviews in your strategic cyber threat intelligence planning.
Need help building Strategic, Operations, and Tactical Threat Intelligence into your Information Security Program? Contact Dayspring Technology at firstname.lastname@example.org or visit here to learn more.