Use Threat Intelligence To Boost Physical and IT Security
Threat intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.
Don’t let the definition scare you. For business owners and security managers, threat intelligence is a good thing. The “good” part of threat intelligence is the actionable advice it provides. Threat intelligence starts out as data you already have or can easily obtain. Basically, it’s just information. Nice to have, but it does nothing to benefit security. It becomes beneficial when it delivers actionable advice; its primary thrust is action. When it’s active, threat intelligence is a great tool for improving security and safety.
Best-in-class enterprises know this; 65 percent of them use external threat intelligence to enhance security decision-making. You can take advantage of threat intelligence the same way as the best-in-class performers in your own business or commercial property. When you do, security and other processes improve in at least four ways:
1. Threat intelligence helps you prioritize where to spend time and money
Data is your best tool for deciding where to spend your security budget. It reveals what security controls are working and which are not. It could be a cyber security hole, as in a password or credentials, or it could be a physical security hole. Holes are security vulnerabilities that hackers want to exploit, so they need attention. Maybe the data is telling you that better lighting and additional surveillance cameras are needed in the parking lot and by the rear exit. Data—intelligent data—reveals all. Seek out the data that’s important. Excavate it, compare it, and use the insight gleaned to shore up security gaps.
2. Reduces security incidents
Reducing security incidents requires context that comes from historical and real-time data—the past month’s security and video footage won’t deliver it. Historical and real-time data work together to reveal incidents over time. By understanding context, you’re better able to respond with solutions specific to the need.
3. Increases response time
Historically, one of the challenges with threat intelligence is the time it takes to make information actionable. Advances in technology have decreased the time lapse, but more needs to be done. Develop a response framework. Use historical data to determine processes and procedures. Identify who’s a first responder and build out a contact map from there. Determine who should be contacted if an incident escalates. Identify when and where systems, doors, and devices should be disconnected from critical systems or—worst-case scenario—shut down altogether.
4. Develops the bigger picture of security events, attacks, and incidents
The bad actors—cybercriminals—are collaborating. They always have been. They share data, tools, and expertise. The “good actors”—us—need to mimic their behavior. Sharing knowledge and working together is our only chance at pushing back the rising tide of hacks, attacks, and breaches. Collectively, structured and unstructured data produce a catalog of threat intelligence and can give us an advantage over the adversary. Just remember, threat intelligence does nothing on its own. It’s what you do with it that makes all the difference. The real value is in its application to your business and turning information into action.