A General Needs Intelligence
The CISO is the general in the war against cyber threats, ultimately responsible for putting together the human and technical resources to protect the enterprise and for placing them on the field of battle. Just as no good general goes into the field without intelligence about the capabilities and disposition of the enemy, no CISO can afford to defend against cybercriminals and hacktivists without knowing who they are, where they are likely to attack, and understanding their objectives and likely tactics.
And just as good military intelligence helps generals explain their actions and retain the confidence of their superiors, cyber threat intelligence can help CISOs and other senior IT executives communicate with the CEO and board about the threats facing their enterprise and how the IT organization is responding.
Challenges: Tough Decisions and a Deluge of Hype
The buck stops here: CISOs and senior IT executives have to make tough choices, deciding among competing budget requests for programs, staff, technology and services. They have to make critical choices about which investments are strategic for reducing risk. In order to make these choices, they have to prioritize threats relevant to their specific enterprise, which requires sifting through a continuous deluge of reports, analysis and hyperbole from media, analysts and vendors.
At the same time, CISOs and senior IT executives are expected to be responsive to questions from top executives and board members, many with limited technical knowledge. They need to keep executives apprised of threats to the enterprise and of how the IT organization is responding to current and emerging over-the-horizon threats. Lastly, the CISO needs to educate the management team about the budget necessary to counter the threats that matter most to the business.
Use Cases for Cyber Threat Intelligence
There are four primary use cases for CISOs and senior IT executives using cyber threat intelligence: 1) Risk prioritization; 2) Risk assessment of new initiatives; 3) Planning, budgeting and staffing; and 4) Executive communications.
Those four use cases are summarized in Figure 1:
Figure 1: Cyber threat intelligence use cases for CISOs and senior IT executives
Join the conversation! Register for our live webcast this Thursday, May 26 at 11:00am EDT for a closer look at how cyber threat intelligence is used in the board room.
How CISOs Use Cyber Threat Intelligence
Risk prioritization
Cyber threat intelligence helps CISOs and senior IT executives cut through the noise and focus on the threats most likely to have a major impact on their enterprise. Threat reports provide information on threat actors targeting specific industries, geographies and enterprise types, as well as on their tactics, techniques and procedures (TTPs). Threat diagnostics identify an organization’s threat profile, highlighting the threat sources actively targeting its assets and the associated tactical and strategic implications. This knowledge enables CISOs and senior executives to prioritize risks to a given enterprise and identify appropriate policies, process improvements, and technologies for managing them.
Risk assessment of new initiatives
Entering (or exiting) new markets and regions, or adopting new technologies, involves unforeseen risks. Cyber threat intelligence prepares enterprises for new initiatives by pointing out unanticipated threats, such as the cybercriminals who are active in new markets, hacktivists (and sometimes governments) that target companies operating in certain regions, and attacks that exploit vulnerabilities in new applications and technologies. This type of information can be obtained from threat analysis of new markets, regions and technologies, and from customized queries and discussions with cybersecurity researchers.
Planning, budgeting and staffing
Cyber threat intelligence can give CISOs and senior IT executives a strategic picture of their “threat landscape.” This includes a high-level view of the threat actors and threats they face, the information assets being targeted in similar enterprises, and available countermeasures. This information helps top managers assess their current security posture and make key decisions about investing in security programs, new technologies, and security staff with new skills. (See Figure 2.)
Figure 2: Threat intelligence enables CISOs and IT executives to plan, budget and staff based on accurate assessments of threats and risks
Executive communications
Today, CEOs and board members are bombarded with media reports about cybercriminals, hacktivists, and catastrophic data breaches. CISOs and senior IT executives need to be proactive about keeping top executives informed about genuine threats to the enterprise and why the IT organization is investing in specific programs, technologies and staff.
Threat intelligence can help CISOs and senior IT executives communicate with non-technical top executives in terms of risks and threats to the business and the financial and political goals of threat actors. It can help them respond quickly and accurately to questions about incidents publicized in national and industry media, as well as cybersecurity priorities. When incidents occur, threat intelligence can help IT executives better inform the CEO and board about potential responses, so everyone can agree on appropriate next steps.
The Bottom Line
Cyber threat intelligence can help your CISO and IT executives:
- Identify and prioritize risks based on threat intelligence that’s relevant to your enterprise.
- Assess the risks of new business initiatives with more confidence.
- Make better strategic decisions on security budgets and staffing.
- Respond effectively to incidents through a better understanding of threat actors and their tactics, techniques and procedures.
- Keep top management aligned about risks, threats, security preparedness and responses.
Register for our live webcast this Thursday, May 26 at 11:00am EDT for a closer look at how Cyber Threat Intelligence strategically enhances risk assessment and communicating relevance to the board.