The key to succeeding in information security and cyber threat intelligence is recognizing what you’re dealing with, and adapting accordingly.
It’s not just a matter of being able to catch every single form of cyber attack; it’s about being able to direct your resources to spot the threats that can have disastrous consequences for your business or organization, and then having the tools to take appropriate action.
In order to do so, you need a process to provide structure to your team’s activities, and you also need access to high quality cyber threat intelligence (CTI) on potential threats.
CTI is more than just knowing about today’s top malware strains, APTs, or IOCs — it also requires understanding how an attacker might use any particular vulnerability, weak point, or even your own team to infiltrate your organization. The internet is full of information on how attackers work their way into organizations, but there are few places where you can learn how to develop the right questions your information security team should be asking.
Those Questions Have a Name
Priority Intelligence Requirements (PIRs) are those questions for which your cyber threat intelligence (CTI) team is seeking answers. Without PIRs, you will remain in reactive mode, just waiting for the enemy to attack, then doing what you can to reduce his effectiveness. Having a set of enduring PIRs — or, PIRs that do not regularly change — puts the odds back in your favor.
PIRs are only one small piece of the cyber threat intelligence lifecycle.
Side Note: A recent poll indicates that disagreement on what defines CTI is the most challenging problem CTI professionals face today.
If we cannot agree on what CTI is, then threat actors will continue to be one step ahead of us, and we’re always going to be playing catch-up.
Five Examples of Enduring PIRs Your Organization Should Be Asking
PIR 1: Where is our organization vulnerable to cyber attacks?
Asking this open-ended question should ignite your creativity to think not only about vulnerability exploitation, but also about weaknesses in your defenses (including your own team, vendors, third parties, and your supply chain).
PIR 2: What is our organization’s risk appetite?
This is a question you should be asking at least quarterly. Setting a regular time to ask this question will help to identify which tools are most appropriate to provide the level of protection commensurate with your organization’s risk appetite.
PIR 3: What solutions can we provide to better protect our organization from social engineering attacks?
Simply put, social engineering is not going away. Threat actors will continue to leverage social engineering as a tried and true method of gaining access to organizations of all sizes.
Protecting yourself from social engineering attacks is a key element of a defense-in-depth security strategy.
PIR 4: What are we protecting?
This is another question you and your team should be asking on a regular basis.
Asking this question will prompt you and your team to explore the nooks and crannies of the business to root out additional areas of the business requiring a better defense strategy.
Where You Go From Here
An information security process is only as good as the questions it asks. By asking these four key questions, you’ll be one step closer to to identifying threats that are most likely to impact your organization’s success or cause harm. These are not easy questions by any means, but they’re well worth considering if your goal is a long-term sustainable solution for safeguarding your organization’s interests.
If you’re interested in learning more about Cyber Threat Intelligence, check out The CTI Schoolhouse.
Got more questions? Message me on LinkedIn.