Organizations are starting to view cybersecurity as an operational challenge rather than as an IT issue. Facilities, employees, and executives are increasingly connected to the Internet and the physical security of these assets gets more complicated as it evolves. What is most notable about this change is the growing interconnectedness of security challenges, both cyber and physical, so that lines are blurring between these two previously distinct operational departments. Threat intelligence lies at the intersection of these two disciplines.
A technical approach to cybersecurity that focuses solely on dealing with a data breach after it has occurred leaves opportunities open for hackers. Having tools in place for proactive detection allows your security team to identify red flags and prevent a data breach before it takes place. While hackers are one source of data breaches, up to 34% are the result of insider threats. In the healthcare industry, the situation is at its worst, with up to 60% of data breaches caused by insiders. Sometimes innocent and accidental, other times malicious, and occasionally activated as a state-sponsored threat, insider threats cannot be resolved by the traditional means available to cybersecurity.
Physical security disciplines are changing as well, and are no longer grounded entirely in the physical world. Take executives, for example. The safety of executives can also include combating instances of impersonation, digital threats from stalkers online, and other tasks requiring a wider range of skills and information than in the past.
In fact, the more interconnected everything is, the more challenging it is to pinpoint where departmental responsibility lies. Facility security and the advancement of IoT technology mean that threat actors can gain access to critical operations, and possibly perpetrate further breaches into other connected systems. Instances of brand impersonation or social media hijacking are better solved jointly, with marketing and brand teams working alongside IT departments. Email phishing, one of the methods hackers use to breach accounts and systems illegally, should be top of mind for all employees. Third-party vendor screening cannot be considered only from legal and brand standpoints; cybersecurity professionals should also be involved to mitigate future breaches.
Threat Intelligence for the Whole System
Security operations are evolving, and are currently in a state of flux, moving too slowly to keep up with the rate of technological advancement. Common ground is needed to ensure nothing falls through the cracks. Where security operations converge, threat intelligence provides the common ground.
System thinking looks at the whole system by better understanding the different parts and how they are connected and impact each other. It makes use of the collective intelligence of the whole organization, rather than focusing on departments and traditional silos. Using a system thinking viewpoint to approach threat intelligence can provide long-term and substantial improvements to security operations for the entire organization.
Peter Senge’s theories on system thinking provide for three primary characteristics, which help serve as a basis for holistic threat intelligence. Figure 1 summarizes the connection between these system thinking theories and holistic threat intelligence.
Figure 1: Incorporating Peter Senge’s System Thinking Theories into Holistic Threat Intelligence
Commitment To Learning
Organizations must be committed to learning about the different parts of the system and how they impact each other. This involves understanding how the parts of the organization function together internally and how they affect one another. It also involves a commitment to learning about third-party vendors as well as threat actors, to understand their motivations and any actions that might pose a potential threat.
- Identify your critical and protected assets
- Identify the vulnerabilities of your protected assets
- What systems connect to your assets and how can they impact them? What connects to those systems, and so on?
Challenge Pre-Existing Mental Models
Approaching threats in the age of interconnectedness can only be done with an open mind. Organizations spend considerable resources on defensive measures, but threat actors are able to devote their resources to innovating new offensive and attack measures. A continuing focus on infrastructure upgrades based on past attacks will not always yield results. Organizations can collect up-to-date threat intelligence to keep up with the dynamic behavior of threat actors.
- Who are the threat actors? What are their motivations?
- Collect ongoing intelligence to understand new threats and attack types
Need to Triangulate
When organizations take a more holistic approach to security operations, people from different departments can work together to see something that no one could see on their own.
- Centralized threat detection and intelligence for the whole organization
- Visibility, communication, and security planning across departments
Addressing security risks holistically across the entire organization ensures that the focus is on all the different parts of the system, rather than on distinct parts functioning alone. Media Sonar recently launched Threat Models to support the growing need for threat detection and intelligence. Threat Models detects risk to critical and protected assets and automatically collects threat intelligence data and threat actor information. Developed as an operational hub for security intelligence that blurs boundaries between cyber and physical security, Threat Models uses Internet data and chatter to automatically help organizations learn, challenge assumptions, and triangulate to reduce vulnerabilities and, ultimately, successful attacks.