Why Does Cyber Threat Intelligence Matter?




Before we jump into the business of the day, here is the cybersecurity news you might have missed this week:


  • Cybercriminals exploiting Excel 4.0 to spread malware. Unknown threat actors are currently exploiting Excel 4.0 software to spread malware such as Quakbot and Zloader. The report followed an analysis of 160,000 Excel 4.0 documents created between November 2020 and March of this year, a stunning 90% of which turned out to contain malicious payloads.

  • There is a new major ransomware campaign sponsored by the Iranian government. Folks from Flashpoint uncovered a major ransomware campaign backed by the Iranian government. In a statement, Flashpoint revealed that Iran's Islamic Revolutionary Guard Corps (IRGC) was sponsoring a contracting firm called “Emen Net Pasargard” (ENP) to launch attacks on unspecified websites and demand ransom in Bitcoin payments. Stay tuned for updates.

  • Chinese hackers exploiting backdoor to attack military agencies. Hackers with alleged ties to China have been exploiting the backdoors of military agencies in Southeast Asia. According to a report, these bad actors have been launching coordinated attacks between June 2019 and March of this year with the primary goals of data theft and nation-state cyber espionage.


And now to the topic of the day.


Why Does Cyber Threat Intelligence Matter?


In any historical period, the military valued one thing above all others before and during warfare: intelligence. Since ancient times, reconnaissance often made the difference between victory and defeat, allowing apt commanders to predict the adversary's movements, thwart their plans, and adjust their own strategy and tactics well in advance.


If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- A widely overused Sun Tzu quote, The Art of War

While physical warfare may be taking the backseat, in the 21st century we face a different kind of battle: the one happening in cyberspace. These days, nation-sponsored Advanced Persistent Threat (APT) groups and government-led intelligence agencies stop at nothing to help their respective countries gain the upper hand in global financial or military brawls.


As such, in the first half of 2020 alone, data breaches exposed 36 billion records, over half of which contained sensitive personal information. 86% of them were financially motivated and 10% were motivated by espionage (both corporate and nation-state), but all carried severe reputational, financial, and operational consequences for the victim organizations, in many cases exacerbating the current COVID-19 crisis.


Not to mention that the cybersecurity industry itself faces numerous challenges these days - increasingly persistent and devious threat actors, a daily flood of data full of extraneous information and false alarms across multiple, unconnected security systems, and a serious shortage of skilled professionals.


So is there a way these attacks and the associated losses could have been prevented altogether? The answer lies with Cyber Threat Intelligence.


What is Cyber Threat Intelligence?


Cyber Threat Intelligence (CTI) is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to an organization's assets, be it infrastructure, sensitive data, or even a key individual. This intelligence can and should be used to drive the proactive response to that menace or hazard.


A particularly interesting trend is Cyber Threat Intelligence sharing - think Interpol and Joint Task Forces - as most major intelligence agencies in the world have been pulling together resources and sharing information about known and obscure threats for decades. Now businesses are starting to do the same.


CTI circulating within a threat intelligence sharing community helps create a holistic, interconnected network of participants within a framework. When one gets compromised, peers are immediately aware of how the attack was launched, what was done right, and what could've been done better, helping prevent it from happening to others in the framework.


But what makes it a necessity for your business to spend money and effort on such proactive cyber risk mitigation measures?


The answer is simple: in the modern business environment, information is power. These days, many organizations still utilize a reactive, or worse, purely framework-driven approach to combating cyber threats. For example, compliance with ISO 27001 or the like will give a business an illusion of safety, while actually obtaining relevant intelligence on how similar companies were attacked in the past, and putting preventative controls in place based on it, is a lot more practical.


To summarize, having a well-developed Cyber Threat Intelligence capability within your business delivers the following benefits:


  • Empowers you to develop a proactive cybersecurity posture, improving overall business risk management and budget expenditures

  • Drives momentum toward a cybersecurity posture that is predictive, not just reactive

  • Enables early detection of threats to assets and individuals

  • Informs better decision-making during and following the detection of a cyber attack


All of which translates to a safer, less volatile business that protects both its staff and its customers.

