With more connected systems and devices performing more individual tasks today, it’s imperative to keep them up and running and protected. This requires not just traditional security but also cyber threat intelligence. Cyber intelligence has been around for quite a few years under many different names. To produce good cyber threat intelligence, an analyst must understand what they are gathering intelligence on. In other words, if you’re trying to gather cyber threat intelligence on a credit card company, you need a good understanding of the financial industry. With the average cost of a data breach in 2020 exceeding $150 million, plus the risk of a tarnished public image, companies will look to build up their cyber threat intelligence divisions.
Cyber threat intelligence helps solve everyday issues with security policy and strategy, all the way down to the defense layer. It does this by answering the following questions:
- Who are our adversaries?
- What are the adversaries using?
- Where are the adversaries targeting?
- When are the adversaries going to attack?
- Why are the adversaries attacking?
- How does the adversary operate?
Once a report has been created from the above questions, the organization can make changes to its policy to help mitigate and prioritize certain threats and modify any controls to align with the new security strategy. A cyber threat analysis that goes into more depth than just adding anti-virus software or a shiny new firewall adds a great deal of value to the company and its employees and customers.
Cyber Threat Intelligence Life Cycle
1. Planning and Direction
This is where the 5 Ws and How from above come into play. An organization might even want to see if other companies in the same industry are experiencing the same attacks.
2. Collection and Processing
This step builds on the first step. Since the information collected will play a role in how an organization builds its cybersecurity structure, it needs to come from reliable and trustworthy sources. A very good starting point is data from within the organization, like network logs and scans. Another good source is reputable security research companies.
During this step, the threat intelligence analyst tries to find any holes where an attacker can get in or has already gotten inside. If an attacker has already breached the network, a SOC analyst will get called in to investigate. The organization can choose to share this information with the cyber community, so other organizations don’t fall victim to this attack.
Here is where the threat intelligence analyst creates a formal report, which may include recommendations for changes the organization should make, whether in policy or at the defense layer, to help mitigate the risk of an attack.
5. Dissemination and Feedback
This is where the cyber intelligence analyst communicates their report and recommendations to senior leadership.
What does a Cyber Threat Intelligence Analyst Do?
Adding Cyber Threat Intelligence to your Organization
As outlined in "4 Key Capabilities of a Cyber Threat Intelligence Professional", adding a qualified cyber threat intelligence analyst would add immense value to an organization in a rapidly growing industry. Cyber threat analysis is also a very rewarding career. In the video above, a cyber threat analyst describes how the role gives her the fulfillment of making a difference not just in her community, but worldwide. Becoming a Certified Threat Intelligence Analyst (CTIA) is the first step to take in making a difference in today’s ever-threatening cyber landscape.