Threat Intelligence: The Context Agencies Crave

Recently, basic cybersecurity knowledge — such as which attacks are most common — won’t always keep agencies’ data safe. For scores of agencies, today’s threat landscape can change too fast for their workforces.

Fortunately, threat intelligence can prepare agencies for cutting-edge dangers. Threat intelligence adds the context agencies need by focusing on the latest threats in realtime.

According to Luke McNamara, Principal Analyst at cybersecurity solutions firm FireEye, threat intelligence can make the difference between cybersecurity success and failure. McNamara listed three ways agencies can sharpen their threat intelligence.

1. Know the enemy

Agencies are surrounded by cyberthreats. From nation-states to cybercriminals, the list of potential pitfalls is long.

McNamara suggested agencies become well-versed in the latest cyberthreats and how they operate. Like nature’s predators, many cyberthreats hunt specific prey using unique tactics.

“Threat attribution is understanding what group is conducting an operation,” he said. “You understand certain characteristics about their behavior. It can help you focus on the adversaries that matter most.”

Take the COVID-19 pandemic. During the crisis, agencies should monitor cyberthreats infamous for stealing healthcare data.

2. Polish cyber hygiene

Across the public sector, many employees are cybersecurity novices. According to McNamara, remedying this requires agencies to teach their workforces more than entry-level cybersecurity.

“The threat actors you need to care about are the ones who know how to social engineer your employees,” he said. “The human element on the defender side is incredibly important.”

Consider phishing, which often snares innocent victims. McNamara recommended agencies instruct their employees on how to recognize deceptive emails and other phishing techniques.

“It’s getting an email and trying to decide whether to open that attachment,” he said. “Understanding those tell-tale signs can go a long way.”

3. Use threat intelligence intelligently

Threat intelligence doesn’t help agencies if they aren’t smart about how they use it. According to McNamara, establishing and analyzing behavior patterns can help agencies cultivate stronger cybersecurity.

“It’s looking at the full spectrum of adversary activity,” he said. “It’s everything from the breach to remediation of these threats.”

Picture security controls, or the measures agencies take to avoid, detect, minimize or respond to risks. McNamara said closely examining their security controls can help agencies overcome cyberthreats.

“It could be someone that logged in from two different locations,” he said as an example of what security controls watch. “It could be a threat actor trying to move laterally into another system. It could be something that detects some sort of privilege escalation.”

Ultimately, security controls assist agencies by illuminating every potential cybersecurity adversary. Partnering with security control providers such as FireEye, agencies can track the full spectrum of potentially harmful activity worldwide.

The worst cyberattacks are the ones agencies never see coming. But with quality threat intelligence, agencies can stay alert to where cyberthreats might strike next.

This article is an excerpt from GovLoop’s recent guide, “Raising Agencies’ Cyber Intelligence.” Download the full guide here.

Leave a Comment

One Comment

Leave a Reply