Private sector can’t ignore threat intel

As IT security decision-makers wrestle with how to evaluate threat intelligence solutions, especially in light of the recent demise of intel provider Norse Corp., a new report highlighted the perils of ignoring threat intelligence.

The new global threat report, produced by CrowdStrike, warned of the growing threat of China, Russia, North Korea and Iran, as well as cybercriminal syndicates and hacktivist groups.

The report sorted threats faced by private enterprises into 70 categories of hacker groups and three motivations of the attackers. “Targeted intrusion is most frequently executed by nation-states seeking to collect intelligence to facilitate public and private decision making,” the report stated. “These nations have collected intelligence from private enterprises, non-governmental organizations, military and defense related businesses, foreign governments, and individuals deemed to be dangerous to the aggressor.”

In an email to SCMagazine.com, CrowdStrike VP of intelligence Adam Meyers noted a shift in the corporate approach to cybersecurity over the past 18 months, from primarily an IT concern to an executive discussion that occurs at the board level. “We absolutely need to elevate the conversation about security to provide actionable takeaways for corporate boards and business executives,” he wrote.

The report specifically called out the threat of China, Russia, North Korea, and Iran. The countries are investing heavily in cyber and working to increase their attack capabilities, as are cybercriminal syndicates and hacktivist groups.

Meyers noted that shifts in oil and gasoline prices have driven tensions between Russia, Saudi Arabia, and Iran and have increased nation-state hacking of the energy sector. “Cyber espionage is not a series of discrete events but an interconnected chain of business, economic, political, and national security inflection points that have ripple effects on organizations globally,” Meyers wrote.

One of the ways that the U.S. has tried to respond to nation-state cyber threats has been by signing a series of cyberthreat information sharing agreements with allies. For example, the U.S. signed agreements with Cuba, South Korea, Japan, and Israel last year.

There are limitations to these agreements, especially if relations with these allies turn sour. The U.S. was recently found to have hacked into Israeli drone and fighter jet surveillance feeds. Just before that, the White House faced uproar in the Senate when it was discovered that the NSA surveilled private conversations between U.S. senators and Israeli prime minister Benjamin Netanyahu.

Healthcare breaches are a growing threat, the report said, noting that the health data of 50 million to 80 million Americans has been compromised.

In a blog post, CrowdStrike CEO George Kurtz wrote, “CEOs and boards of directors who ignore or disregard the ramifications of these events will pay for it in loss of revenue, jobs, intellectual property, and shareholder value.”

Some threat monitoring approaches and tools are decidedly low-tech, demonstrating a growing awareness of IT security among SMBs. For example, CrowdStrike released a monthly calendar illustrating which countries consider each day a work day. “It used to be about people, process, and technology,” wrote Meyers. “I think it's imperative that we add intelligence to the equation.”
