These days, practitioners should consider the best day as the one when they enabled the business, said Rich Baich, principal at Deloitte & Touche. And an effective cyberthreat intelligence program can and should help them do just that.
Organizations today have a myriad of layered security solutions, which are capturing a wealth of data that is often never pulled together and correlated, he said. In addition, a number of external sources exist to provide information about threats and vulnerabilities.
By correlating all of this internal and external intelligence, a lot can be told about the threats targeting an organization, Baich said. Many IT security professionals, however, are failing to correlate intelligence data and make it actionable to the business.
“We're running around like chickens with our heads cut off trying to plug holes,” he said. “We chase vulnerabilities rather than understanding why we're targeted.”
The focus of a threat intelligence initiative should not just be to identify emerging risks, but to understand why they are relevant to the organization, Baich said.
The goal should be to prevent threats, rather than to respond to them. And, to ultimately help solve business problems, security professionals must first know what the problems are.
“Spend no more money on technology,” Baich recommended. “Operationalize what you've got.”