EDITOR’S QUESTION
BRYSON MEDLOCK, THREAT INTELLIGENCE EVANGELIST AT CONNECTWISE’S CYBER
The cybersecurity threat landscape continues to grow in size and complexity, meaning there is a need to create a frontline team dedicated to proactively detecting attacks that could take a business out in a single shot. Over a third (39%) of UK businesses have identified a cyberattack in the past year with the most common threat vector being phishing attempts (83%). While the techniques that bad actors are using don’t change that much, organisations still require a level of threat intelligence to understand the current cyber-risk landscape and mitigate risks.
Threat intelligence gathers and analyses cybersecurity data to combat emerging threats, enabling organisations to stay a step ahead of threat actors. This can include monitoring of ransom leak sites, malicious botnets, open-source intelligence resources and more to uncover threats. This typically takes a team of dedicated, highly qualified cybersecurity professionals with specialised knowledge, training and skills to produce valuable, actionable insights. These teams leverage threat intelligence, threat detection tools, environmental knowledge, their career experience and more to ‘hunt’ for specific types of activity, analysing this data to identify weaknesses and compromises.
Threat intelligence teams understand the importance of using contextual information, including technical, behavioural and situational factors, to help determine the who, what, why and how behind a given threat. Threat researchers identify the tactics, techniques and procedures (TTPs) of threat actors using a common language that can help us understand which TTPs and related controls defenders should prioritise.
This helps threat hunters figure out what the bad guys are actually doing. In its 2022 MSP Threat Report, ConnectWise’s CRU mapped out the TTPs for the five ransomware threat actors most actively targeting MSPs and their clients. When comparing these, the report shows that phishing and stolen account credentials are the most common methods used by threat actors for initial access, and all top five threat actors use phishing. By using TTPs, threat researchers can help business owners decide where they need to spend their time and money for defences, tying detections to TTPs to help identify gaps in coverage.
The pace of technology is moving fast, meaning there’s more data than ever. Understanding and defining which attacks and attackers are likely to be a threat is instrumental for a well-rounded cyber strategy. Threat intelligence helps organisations whose cyber strategies are normally stifled by budget and time limitations, enabling them to focus efforts on where they want to have the most effect. While it may be impossible to completely eliminate the bad guys, a threat intelligence team gives organisations peace of mind knowing that front lines are ready to proactively detect threats, respond and recover with minimal damage in the event of an attack.
36 INTELLIGENTCIO EUROPE www.intelligentcio.com