How to cut through the data noise and leverage actionable security and threat intelligence

By Kristofer Mansson, CEO and co-founder, Silobreaker

 

When it comes to the power of good intelligence, it’s important to first make a distinction: data is not intelligence. Data is the raw material that needs refining before it can become a finished product – the intelligence that can prompt actions that keep businesses safe and secure.

Data can typically come in four distinct forms: open-source data, available from the internet most of us use; underground data, which can only be found on places such as the Dark Web; premium data, specifically curated and often only accessible behind paywalls; finally, there is internal data, often purchased or produced by organisations themselves.

It is fair to say we live in an age in which we are ‘drowning’ in data, particularly when you consider that the volume of data worldwide grew by almost 5,000 percent between 2010 and 2022. But how do we make sense of all this data, and why does good intelligence matter to businesses today?

Understanding the intelligence cycle

In the early 2000s, having the greatest amount of data gave businesses an advantage over others, but as the volume of data has grown, its unit value has decreased. It’s now less about the quantity of data organisations have and more about how best to use it. To make sense of the overwhelming amount of data at their disposal, businesses need to be able to find what matters and learn from it in a meaningful way.

To do so, it is helpful to follow a basic intelligence cycle that consists of five distinct stages:

  1. The company considers what intelligence they need and why
  2. Data collection is undertaken from all or a subset of the sources mentioned above
  3. Data is processed by algorithms and other technology to read, contextualise and make sense of it
  4. Analysts examine the processed data and use tools to analyse it and produce the required intelligence
  5. The intelligence can now be disseminated back to the relevant teams and decision makers.

Once the intelligence is disseminated, key stakeholders can action it and use it to support their decision-making, as well as set new requirements for the next cycle. Of all the stages, processing of data is where technology plays the most critical role. Context and knowledge at speed are key for any intelligence operation, and humans are incapable of sifting through, reading and processing the amount of data available today.

Without the right perspective on threats and opportunities, a business’s decision-making abilities are significantly compromised, which can ultimately leave an organisation unnecessarily vulnerable.

Breaking down the intelligence silos

For security and threat intelligence to be most effective, another key approach is to break down traditional intelligence silos. Understanding the threat landscape facing an organisation requires awareness of how intertwined threats and risks are across the cyber, physical, strategic and political spectrums. Data, systems, processes, and teams and their workflows must reflect this new way of thinking.

It’s important to view the world of intelligence as more of a Venn diagram where cyber, physical, strategic and political intelligence all coexist with overlapping parts. For example, while an election may seemingly have little to do with cyber or physical risk on the surface, the leadup and outcome are likely to trigger phishing campaigns and other cyber activity from hostile actors, or spark a protest that could result in physical damage. As a result, what started in the political sphere can directly lead to harm in the cyber world, as well as the physical one.

For instance, a US-based bank with over 10,000 employees was initially concerned about physical security threats impacting their locations, ranging from crime and extreme weather conditions to fire and other potentially disruptive events. As a result, the bank turned to a centralised platform to gather the physical threat intelligence in an effective and timely manner, with information on everything from travel advisories and weather warnings to news reports and on-the-ground tweets. Once the security team saw the insights gained from physical threat alerts, they decided to expand the usage of the tool across cyber and other use-cases of the bank to help senior leadership make even more informed and timely decisions.

When it comes to cutting through the data noise, there is tremendous value in breaking down intelligence silos and embracing a more holistic and multi-disciplinary approach. With the right planning and perspective, businesses can be best prepared to predict, protect and respond to the broad range of risks and threats facing them today.

 
