Taking advantage of intelligence on cyber challenges
Nothing haunts CIOs, information security officers, and data professionals more than the fear of a data breach. Technology tools and data practices aren’t enough to truly prevent hacking, but the following steps will help health IT executives mitigate the risk.
What is cyber threat intelligence?
“Cyber Threat Intelligence (CTI) is timely, accurate and actionable threat, vulnerability and incident information that highlight indicators of compromise,” says Omo Osagiede, director and independent security consultant with Borderless-I Consulting, and a member of ISACA. “The object of a CTI strategy should be to improve your overall cyber security posture through situational awareness of, and targeted response to, security threats including malware, insider threat, espionage, hacktivism, cybercrime and other emerging threats.” Chief information security officers should be answering the following questions to best guard against cyber threats, Osagiede says.
How do I select the best threat intelligence vendors for my organization?
“The answer depends on your organization’s threat landscape,” Osagiede explains. “Working out your key threat actors (e.g., internal threats vs. nation-states) and threat vectors beforehand will point you towards the type of CTI feeds you need. Before purchasing, challenge vendors on the breadth, depth and industry relevance of their intelligence feeds.”
How do I make sense of CTI without drowning in a sea of data?
“With the volume of information available from threat intelligence sources, including open source intelligence (OSINT), vendors, and public and private sharing platforms, employing the use of big data analytics and visualization techniques is expedient,” Osagiede says.
Do we have the right skills in-house to analyze all this data?
“Organizations often make the mistake of thinking that CTI is only needed at the technical level,” Osagiede stresses. “In reality, the right mix of CTI skills should include both technical (such as SOC analysts responsible for tactical security incident response) and nontechnical skills (for example, analysts who understand business priorities and are able to use CTI for strategic risk management).” He offers the following suggestions as best practices around cyber threat intelligence.
Have a documented risk-based CTI strategy
“Understand your cyber threat landscape and determine what CTI feeds you need on that basis,” Osagiede says. “Additionally, document how CTI will be obtained, how frequently it will be collected, who will consume it and what they are expected to do with it.”
Establish communication channels between CTI and business intelligence functions
“Do not lose sight of the operating environment when collecting and analyzing threat intelligence,” Osagiede says. “External business factors could provide additional insight into cyber threats and could help shape your CTI strategy.”
Expect to pay for good threat intelligence
Paraphrasing the words of Sun Tzu, when winning matters to you, “do not begrudge the outlay of a hundred ounces of silver for foreknowledge about your enemy,” Osagiede advises.
Have a management-approved process for sharing intelligence
“When it comes to CTI, the growing refrain is ‘one for all and all for one.’ No one is an island these days,” Osagiede notes.
Understand that you can’t buy institutional knowledge
“The best CTI resources are often those who already understand how your business works and who can bring that knowledge to bear on the analysis of CTI. Consider up-skilling internal resources before hiring externally,” Osagiede stresses.
Plan to act upon threat intelligence; don’t just collect it
“To get the best answers from CTI, we must first ask the right questions of the data,” Osagiede says. “Establishing CTI requirements upfront and anticipating changes to those requirements are important aspects of any strategy.”
Realize CTI may not make sense immediately
“Achieving the right balance between collection, analysis and delivery of actionable intelligence will take time,” Osagiede cautions.
Plan so that third-party IT suppliers complement your CTI strategy
“Every technology provider you use is part of your CTI strategy,” Osagiede says.
Reap the benefits of a clear cyber threat intelligence strategy
“In a recent global survey of security executives, 36 percent of respondents stated that they did not have a threat intelligence program, with a further 30 percent only having an informal approach, while only 5 percent said that their organization had achieved an advanced threat intelligence function,” Osagiede concludes. “Having a clear CTI strategy could improve these stats and help organizations improve their anticipation and response to threats.”