Cyber threats today are recognized as attacks often targeted at political, global and commercial entities, with considerable financial and reputational risks.
The practices of network security and managed detection and response are already well accepted and considered the norm in cybersecurity. However, the shift to rapid thinking and actionable intelligence is the need of the hour.
All enterprises and organizations need to raise their security game and initiate a security culture and a secure-by-design concept to defend themselves against modern cyber attackers. It is not enough for them to just risk-assess their way out.
Borrowing from military thinking (the OODA loop): “In military terms, this is an asymmetric war and currently, the best result that attack targets can achieve is a draw”.
The speed of response and a better understanding of who is behind the attack vector will separate the winners from the laggards. Enterprises, therefore, need to invest, acquire and train harder than they can potentially fight.
The need for digital transformation, and disruption through the new platform economy and the liquid workforce, has made it mandatory for large and mid-sized corporations to consider and invest in managed security services which monitor the health of their cyber-dependent operations on a continuous basis.
A key element of this would be the adoption of an intelligence-driven approach taken from traditional combat. This has two goals:
1. To prevent an attacker from successfully attacking
2. To be able to recognize and respond effectively to an attack that has already happened
Cybersecurity and information security practitioners already undertake a degree of intelligence work, albeit after the attack has taken place. Many are now trying to improve their detection capability by identifying and sharing so-called ‘indicators of compromise’, or forensic remnants of an intrusion residing in operating systems and network devices.
It is now a question of becoming more proactive by moving beyond the technical details of the attack (the what, when and where) towards a better understanding, and attribution, of the procedures, techniques and tricks behind the attack (the modus operandi or how) and, critically, the attackers themselves (the who and why).
Such intelligence places cyber threats in context and, through greater situational awareness, better informs the countermeasures. SOCs are shifting towards CTICs (Cyber Threat Intelligence Centers). Cyber threat modelling based on computed indicators and the pyramid of connection is important to stay advanced, as is incorporating TOS and a structure built on “Before Incident”, “During Incident” and “After Incident”. Such an approach could help to create a way towards better results in information security and a move from reactive, ‘seize and erase’ defence to responsive, proactive, intelligence-led cyber resilience.