Some would argue that the “best day” for an IT security professional is the day that nothing happens – but that’s the old way of thinking, an expert said Tuesday at the SC Congress Canada in Toronto.
These days, practitioners should consider the best day as the one when they enabled the business, said Rich Baich, principal at Deloitte & Touche. And an effective cyberthreat intelligence program can and should help them do just that.
Organizations today have a myriad of layered security solutions, which are capturing a wealth of data that is often never pulled together and correlated, he said. In addition, a number of external sources exist to provide information about threats and vulnerabilities.
By correlating all of this internal and external intelligence, a lot can be told about the threats targeting an organization, Baich said. Many IT security professionals, however, are failing to correlate intelligence data and make it actionable to the business.
“We’re running around like chickens with our heads cut off trying to plug holes,” he said. “We chase vulnerabilities rather than understanding why we’re targeted.”
The focus of a threat intelligence initiative should not just be to identify emerging risks, but to understand why they are relevant to the organization, Baich said.
The goal should be to prevent threats, rather than to respond to them. And, to ultimately help solve business problems, security professionals must first know what the problems are.
“Spend no more money on technology,” Baich recommended. “Operationalize what you’ve got.”