The response was overwhelming. Of scores of companies surveyed last year that suffered a cybersecurity breach, 80 percent of respondents said that cyber threat intelligence could have prevented or minimized the attack.
The report, “Importance of Cyber Threat Intelligence to a Strong Security Posture,” covered more than 600 IT professionals in the U.S., and was released in 2015.
“The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks,” says a vice president of Webroot, which sponsored the survey.
Cyber threat intelligence, or CTI, remains a new and evolving discipline, but one that is increasing in importance when it comes to assessing a supply chain and its potential weaknesses.
“Organizations must also understand [the cyber security] risk in the context of their supply chains — whether they rely on suppliers spread across the globe to manufacture products, or whether they use IT services from a cloud provider,” notes a study by Aspen Insurance, in conjunction with the Columbia School of Business.
But what exactly is CTI, and how can it assist a supply chain analysis?
A CTI Definition
This field is still relatively new, and so definitions can still differ by provider.
“Cyber security goes far beyond being an IT issue: business activities, such as new product launches, mergers and acquisitions and market expansion, now have a cyber dimension,” notes a report by EY, a financial risk assessment and advisory company. “We all live and operate in an ecosystem of digitally connected entities, people and data.”
Understanding that ecosystem in a comprehensive manner forms the nexus of CTI, and also the reward for businesses whose leadership understands the strengths and weaknesses of their supply chain – where breaches may be most likely to occur, why, and how to prevent them.
As the security firm RSA notes, “The goal is to better understand the motives, capabilities and objectives of threat actors that might seek to target the organization so that adequate countermeasures could be implemented.”
The goal is enough foreknowledge that when an attack occurs, everyone, from the board room to the IT service desk, is prepared to turn it away or mitigate the damage, no matter where that threat happens across the company supply chain.
What elevates IT’s actions into a more comprehensive CTI analysis is the strategic understanding of where a given protection fits into the larger business model, how it works with other defenses, and what to do when it comes under attack or fails.
In one example, an IT department purchases malware protection. That IT company is now part of the supply chain, as is the software it provides. Is one type of malware protection able to protect against enough potential encroachers? Is redundancy, in the form of another malware program, a better bet? Does the program adequately meet the needs of the entire supply chain, or does it cover just one section, and if so, where do the cyber security weaknesses lie outside of that software?
Another way to define what goes into CTI is to consider what Security Week calls the “squishy” parts – the analysis of what can go wrong, where, and when, which can be harder to pin down. That includes things like the motives, capabilities, and objectives behind attacks, which means considering internal strengths and weaknesses throughout a supply chain, and how those strengths and weaknesses appear across a company’s functionality.
This is why off-the-shelf CTI programs often don’t work, and a detailed, top-down understanding on a business-by-business basis becomes key. The combination of supply chain, IT service and personnel needs doesn’t stay the same from one firm to another, and neither do the threat matrices they face throughout their supply chain.