Too often, agency leaders and cybersecurity analysts seem like they’re speaking separate languages. With both sides communicating about cyberthreats differently, getting everyone on the same page is one of contemporary government’s greatest challenges.
The wider the gulf between an agency’s teams, the more vulnerable it is to external danger. Today’s security landscape contains dangers everywhere, and cyberthreats won’t wait for agency workforces to unite against them. Agencies that don’t speak the same language as their employees and employees that don’t speak the same language as their agency leaders will find themselves constantly fighting cybersecurity fires.
Allan Liska, a Threat Intelligence Analyst at the cybersecurity firm Recorded Future, says intelligence-led security — cybersecurity guided by threat intelligence — can align every corner of an agency’s workforce. Liska shared three ways agencies can implement intelligence-led security.
1. Learn the same lingo
According to Liska, threat intelligence covers a vast amount of data from multiple sources. Whether it is social media, online forums or something else, that information must make sense to all relevant parties at an agency.
“In order to be good at threat intelligence, you must be able to tell that story,” he said. “You need to filter down that data, so it is useful to your agency.”
For example, solutions such as those Recorded Future provides can help agencies recognize IP addresses associated with cybercriminals. Using threat intelligence tools, agencies can detect these suspect individuals in places such as digital marketplaces. Analysts can then warn agency leaders about potential tactics — like ransomware — these cybercriminals might use against them.
“It presents a holistic view of everything that is important to your agency,” Liska said of threat intelligence. “Recorded Future can help with that translation.”
2. Rank the risks
Cybersecurity frequently resembles drinking from a fire hose in terms of understanding every threat. With the variety of perils constantly growing, agencies must separate the alarming from the aggravating.
“It’s understanding what an indicator for a nation-state looks like versus a minor annoyance,” Liska said. “This allows you to better prioritize which events you are going to go after and stop.”
Take unwanted browser plugins. Although obnoxious, ignoring these plugins won’t hurt agencies as badly if they overlook known cybercriminals. Distinct problems create distinct warning signs; understanding the telltale signs help agencies better defend themselves.
3. Spend resources wisely
For many agencies, there’s no denying their manpower, money and time are limited. According to Liska, threat intelligence can help them use their assets where they are needed most.
“You’re not spending money on new security tools,” he said. “Instead, you’re making existing security tools better. That allows you to get rid of tools that might be redundant or unnecessary.”
Fully realized, intelligence-led security gets agencies discussing cyberthreats coherently. It also helps agencies rank their obstacles and the best ways their available tools can overcome them. By making their security intelligenceled, agencies can outwit cyberthreats and focus on mission success.