Intelligent CIO Europe Issue 59 - Page 37

EDITOR’S QUESTION

Modern day CISOs are prioritising ‘pre-attack intelligence’ as a way to combat cyber-risk. Historically, they have focused on stopping cybercriminals once they’ve hit a network because this is where they have the greatest visibility of their adversary and, in theory, the advantage because the threat actor is on this infrastructure. However, what has become abundantly apparent from the continuing onslaught of attacks is that waiting until the cybercriminal hits the network is a too-little-too-late strategy. It is too reliant on the organisation firstly being able to detect the attack and secondly being able to mitigate it in time.

Pre-attack intelligence means gathering information on cybercriminals before they hit the network, when they are in the planning or ‘reconnaissance’ stage. One of the best sources of this information is the Dark Web because malicious activity often starts to emerge on Dark Web forums, groups and marketplaces that are hidden away from the eyes of law enforcement agencies and security teams. Monitoring the Dark Web and collecting information from underground online spaces provides organisations with intel they can use to improve their defences, as many actors have frank and open conversations about their latest victims and next plan of attack. By tracking these conversations, organisations can identify references to or mentions of their business or their suppliers – which is often the starting point for cyberattacks.

Consequently, we’ve observed increasing demand from CISOs to gain access to Dark Web sources for their pre-attack intelligence. This visibility can be used to identify weak points in an organisation’s security structure, or to foresee a cybercriminal’s plan of action before potential exploitation. In some cases, pre-attack intelligence can also help to stop threat actors in their tracks. For example, the ability to search on the Dark Web for company credentials can enable CISOs to enforce password changes on compromised accounts, to prevent access to systems. Leaks can also indicate if CISOs need to implement additional layers of security protection, like Multi-Factor Authentication, for specific areas on their company network.

CISOs can also leverage Dark Web intel to determine how their organisation and the wider security team can best prevent the tactics of the threat actors targeting them. A popular tool that’s accessible to all organisations is the MITRE ATT&CK framework that helps to effectively map a defence strategy against techniques threat actors are using and advises on how organisations can stop them in the pre-attack stage of the ‘Cyber Kill Chain’ – the first point of disruption. For organisations to have the best chance of stopping cyberattacks, they must take action in the Cyber Kill Chain as early as possible.

DR GARETH OWENSON, CTO AND CO-FOUNDER OF SEARCHLIGHT SECURITY