The importance of threat intelligence as a positive tool


Posted on: Oct 23, 2017 by Kevin Cooke

With an ever-expanding threat landscape, are you aware of how your organization could be targeted today?

In the digital economy, the grim reality that every business must accept is that it’s no longer a matter of ‘if’ but ‘when’ a security breach will occur. Traditional security solutions are not enough to protect against sophisticated cyber criminals who are increasingly successful at getting inside companies’ networks and compromising sensitive data. Organizations must recognise that an effective cyber security posture involves not only detection and recovery from compromise, but also a proactive approach to prevention.

Evolution of IoT security

With approximately seven billion devices connected to the internet worldwide today and 20 billion estimated to be connected by 2020, the risk to privacy, information leakage and the size of an organization’s attack surface are all increasing. Recent research[1] has identified that, globally, the average total cost of a data breach is £2.79 million (£2.39 million in the UK). This does not account for the introduction of the General Data Protection Regulation (GDPR) in May 2018, which will command stricter controls around the governance and protection of sensitive data. However, security concerns relating to the Internet of Things (IoT) span much further than purely unauthorised access to data. IoT devices are still in their infancy when it comes to security, which makes them easier to target due to vulnerabilities such as software reconfiguration and default passwords.

Next generation of cyber attacks elevates business risk to a new level

The growth of IoT has led to a notable increase in cybercriminal activity and capability. Malicious actors have capitalised on the ability to quickly establish large-scale botnets. These enable wide-scale, coordinated attacks that use the IoT to spread through company networks and can result in major disruption known as ‘distributed denial of service’ (DDoS). Sometimes known as ‘DDoS of Things’ attacks, they have become commonplace, with the most notorious in recent times being Mirai and BrickerBot. Industry analysts predict[2] that ransomware will increasingly migrate to IoT and become a primary threat, potentially leading to significant impact on both commercial and critical national infrastructure.

Why organizations need proactive and strategic threat intelligence

Hacktivists, cyber criminality, state-sponsored attacks and insider threats combine to form a dangerous threat landscape for organizations today - not to mention the ease of access to ‘off-the-shelf’ attacks (such as malware distribution and phishing campaigns) available in the dark web marketplace. This plethora of threats emphasises the importance of maintaining awareness by effectively using threat intelligence.

Threat intelligence is not new and, in relation to cyber security, means: ‘evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard’.[3]

What is new is the ability to derive actionable intelligence from the sheer volume of threat intelligence now available. The value of threat intelligence is in helping organizations to prioritise actions in proportion to the threat and an analysis of overall risk. Over the years, organizations have attempted to introduce threat intelligence into their security tooling in order to detect and protect against known malicious domains, blacklisted internet addresses and other identifiers. The problem was, this intelligence consisted of millions of indicators that needed filtering and prioritising and were soon out of date.

In recent times, industry analysts[4] identified three key levels of cyber threat intelligence:

  • Tactical: technical intelligence such as using threat indicators to proactively hunt for and defend against adversaries
  • Operational: intelligence focused on the motivations, intent and capabilities of adversaries
  • Strategic: intelligence about the risks and implications associated with threats used to inform business decisions and direct cyber security investment.

Identifying threats means that organizations can combine different levels and types of intelligence (including human intelligence) to obtain targeted, contextual threat intelligence in relation to their brand, their people and their technology. This proactive and structured approach adds immense value by enabling greater insight into what threats the organization faces, the tactics, techniques and procedures of its adversaries, and how this can be used to minimise business disruption and reduce the window of opportunity for threat actors.

Digital Vision for Cyber Security

This article is part of the Atos Digital Vision for Cyber Security opinion paper. We cover what every business should know about cyber security, why a concerted response is essential, and how to protect data, systems and services from any attack.


About Kevin Cooke

Cyber Recon & Response Manager
Kevin is the Cyber Recon & Response Manager for BDS UK&I Cyber Security in Atos. With nearly 20 years of experience in the IT industry and 12 years specialising in cyber security spanning both Private & Public sectors, Kevin is now utilising his experience and knowledge by providing advanced cyber services to Atos customers. Responsible for emergency response services, Kevin provides end-to-end cyber security ranging from threat intelligence and threat hunting to security incident response and digital forensics. Holding multiple industry-recognised certifications and experienced in working in the financial, construction, government and professional services sectors, Kevin brings with him a wealth of experience that greatly complements the services Atos offers to our clients.
