WTL

The 5 Barriers to Threat Intelligence Success – PART 1

As a board-level concern, effective cybersecurity is a strategic and operational necessity. The rapid development and evolution of new cyber threats means that businesses must adopt a proactive approach to defence – which is where threat intelligence comes into play.

Threat intelligence takes a 360-degree view of security, dealing with issues in progress and using past activity to inform future defence activities.

1. Gathering intelligence

Virtually every system you use will generate activity logs that indicate platform health and more. However, these logging systems are often siloed, making it hard to identify potential problems or inter-linked issues.

Choosing how to gather and centralise data will be the first challenge you face. You will also need to consider which external sources can be used to provide context and understanding.

2. Curating your feeds

The truth is your business does not lack data for use in cybersecurity intelligence – it probably has too much. Cutting through the “noise” generated by system logs will be critical to identifying and prioritising potential issues for follow-up.

Sifting through intelligence is time-consuming and resource-intensive, particularly when your filtering tools are inadequate. Some businesses find that diverting resources to curation increases their exposure, because other important tasks are neglected or overlooked.

3. Actioning intelligence

Generating intelligence insights is one thing – applying them effectively is even more important. Some organisations will find they lack the resources and experience to action insights immediately, leaving them vulnerable to compromise.

Threat intelligence is not about creating a ‘to-do’ list – it highlights incidents and weaknesses that must be acted upon straight away.

4. Proving value

Like every expenditure, threat intelligence needs to be justified to stakeholders and decision-makers. But proving ROI on something that never happened, such as a thwarted cyberattack, is almost impossible.

Too often, inexperienced IT decision-makers are bounced into defining meaningless (and valueless) metrics to ‘prove’ the success of their threat intelligence strategy. And in the long run, this may damage trust in their threat intelligence strategy.

5. Preparing for the future

Intelligence can be applied to solve immediate challenges – but it can (and should) be repurposed to improve defences against future cyber threats too. This will require experience and knowledge, an understanding of the current threat landscape and how the industry is evolving.

The insular “ours” approach to security could also hinder future success. Keeping insights and experience in-house (and failing to seek external input) creates an unbalanced situation where your team must constantly re-learn lessons that are already common knowledge in the “sharing” community.

What next?

In the second part of this series, we will look at how to manage each of these challenges to better protect your business and deliver threat intelligence success. But if you can’t wait until then, please don’t hesitate to give us a call.
