
Your instructor for this course will be Stewart Bertram.
Stewart has worked within the field of Intelligence and Security for the past 18 years, with experience across both the private and public sectors. Starting his career in 2004 in the Intelligence Corps of the British Army, Stewart entered the private sector in 2009 and has held several roles in Cyber Threat Intelligence (CTI) since then. These have included product development, service delivery and consulting, with his most recent roles involving the management of specialist teams involved in research into the cyber criminal underground and nation state threat actors.
Holding both a Master's in Computing and a Master of Letters in Terrorism Studies from St. Andrews University, Stewart was also among the first in the world to pass the CREST Certified Threat Intelligence Manager (CCTIM) examination.
Stewart’s research interests and work have always been at the intersection of technology, security, and people-focused issues. These unique areas of focus are laid bare within his role at arcX, where he is responsible for the design and delivery of the core CREST-related CTI courses and oversees the wider Cyber Threat Intelligence stream.
As discussed in the video, there are many different ideas about cyber threat intelligence (CTI). However, we believe it is far more important to understand what CTI does.
As a recap, during the video, Stewart introduced you to the concept of attacker vs. defender and explained that cyber threat intelligence analysts advise on the best defence against the attacker(s).
This most certainly does not need to be a reactive form of advice, either. As an analyst, you will learn about the different threat actors and how they interact with organisations like your own or your customers so that you can provide proactive advice and guidance (hopefully) long before an attack has the chance to occur.
Cyber threat intelligence is an area of cyber security that focuses on collecting and analysing information about current and potential attacks that threaten the safety of an organisation or its assets.
Implementing this tactic allows organisations to take proactive steps to ensure that their systems are secure. By using cyber threat intelligence and analysis, data breaches and other issues can potentially be prevented, saving your organisation the significant financial costs of setting incident response plans in motion.
Cyber threat intelligence aims to give organisations an in-depth understanding of the threats that pose the most significant risk to their infrastructure and devise a plan to protect their business. CTI Analysts strive to provide as much actionable intelligence as possible.
Through analysis, you can develop an understanding of why a threat actor may attack your systems in the first place. Knowing the opposition’s motive can shed light on which areas of your systems could be the most vulnerable.
To round off this recap, we want to highlight some of the key reasons that organisations use cyber threat intelligence:
Identify and assess potential threats to their networks and systems.
Enhance their overall security posture by proactively taking measures to prevent attacks.
Improve incident response efforts by having up-to-date information about known threats.
Prioritise resources for the mitigation of high-risk vulnerabilities.
Monitor external sources for signs of a potential breach or attack.
Stay informed about malicious actors' tactics, techniques, and procedures.
Cyber threat intelligence analysts gather data to track, evaluate, and report on threats that could impact an organisation. They do this by combining contextual knowledge of the threat landscape with analytical abilities.
Analysts combine various sources, including private data collections and open source intelligence (OSINT) evaluation, to produce a complete picture of an organisation's risk posture, which informs the steps the business takes to mitigate these risks.
They create short-term and long-term evaluations to help security teams better understand the threats they face and what they can do to prevent attacks and breaches in the future.
As mentioned in this short video, we consider an analyst's goal to be creating insight through the combination of the art, craft, and science of CTI.
The roles and responsibilities of a CTI Analyst typically include:
Identifying organisational intelligence requirements
Collecting relevant data and conducting all-source analysis to inform the decision-making process
Identifying, monitoring, and assessing potential threats or weaknesses
Validating that security qualifications and requirements are met
Creating reports that highlight key findings for security teams and other members of the organisation
Presenting findings to other teams and proposing counteractions to mitigate threats
A hacker is an individual who uses computer, networking, or other skills to overcome a technical problem. Over the years, the word has been used to refer to anyone who uses their abilities to gain unauthorised access to systems or networks to commit crimes. A hacker may, for example, steal information to hurt people via identity theft or bring down a system and, often, hold it hostage to collect a ransom.
In case you were wondering where the word 'hack' came from, it has been around since April 1955. It was used in a meeting of the MIT Tech Model Railroad Club.
The minutes from that meeting read: “Mr. Eccles requests that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing.”
The college students are also credited with shifting the term from model railways to computers in the 1960s.
When we talk about the attack surface within the context of cyber threat intelligence, we mean the sum total of all the ways a malicious actor or hacker could potentially gain unauthorised access to a target system or network. This includes everything from visible interfaces like websites or apps to the underlying protocols and technologies that enable communication and data exchange.
Think of it like a house - the attack surface would be all the doors, windows, vents, and other potential entry points someone could use to break in. In the same way, the attack surface in cyber security refers to all the entry points a hacker could use to gain access to a target's sensitive information.
The aim of understanding the attack surface is to identify a system's potential weaknesses and prioritise the most pressing threats. This information is then used to inform and guide the development of mitigation strategies to help prevent successful attacks and keep the target system and its data secure.
The intelligence cycle is at the core of cyber threat intelligence because it provides a structured framework for collecting, processing, analysing, and disseminating information about potential cyber threats. The intelligence cycle and its steps can be communicated in different ways depending on who you speak with, but some of the key elements that everyone can agree on are listed below:
Defining what information is needed to support decision-making and security operations.
Gathering data from various sources, such as open source intelligence (OSINT), proprietary databases, and sensor networks.
Converting raw data into usable information by verifying, validating, and fusing it into a coherent picture.
Assessing the significance of the information and identifying patterns, trends, and potential threats.
Sharing the analysis results with stakeholders who need them to make informed decisions and take appropriate actions.
The analysis's results will inform future collection and analysis efforts and validate the information's accuracy and reliability.
By following this structured process, organisations can ensure that they have a complete and up-to-date understanding of the cyber threat landscape and can take practical steps to protect themselves from potential threats.
Put simply, laws are structured rules that govern society. Ethics are generally considered moral values that an individual may establish as their own personal rules to live by.
Organisations may also develop internal ethics and guidelines that they expect employees to adhere to. Though there may be no legal consequences for not following them, ignoring them could result in the loss of employment.
Step into the World of Cyber Threat Intelligence (CTI)
In today’s digital battlefield, knowing your enemy is just as important as securing your systems. Cyber Threat Intelligence 101 by arcX is your entry point into one of the most dynamic, high-impact domains in cybersecurity. Whether you’re aiming for a career in CTI, looking to sharpen your cyber defence skills, or simply fascinated by how modern threat actors operate, this course is built for you.
You’ll explore the foundational elements of CTI, learning how intelligence is used to anticipate, detect, and neutralise cyber threats before they cause damage. This isn’t just theory—this is real-world knowledge designed to help you understand the why behind the how of cyber defence.
Through expert-led lessons, practical examples, and guided insights, you’ll discover:
What cyber threat intelligence is, and why it’s critical in defending against modern attacks
The different types of threat actors, from nation-states to script kiddies, and what drives them
Common threat vectors and vulnerability types used in real-world incidents
The intelligence lifecycle, from direction and collection to analysis and dissemination
How CTI supports decision-making, enhances security posture, and reduces risk
And much more...
No prior CTI or cybersecurity experience? No problem. This course is designed to be beginner-friendly while still providing value to professionals looking to expand their threat intelligence skillset.
By the end of this course, you’ll not only know what threat intelligence is—you’ll understand how to apply it, how to think like an attacker, and how to contribute to stronger, smarter cyber defences. Whether you're starting your journey or levelling up, this is your first step into the CTI landscape.