Protecting Critical Public Infrastructure: The Role of Threat Intelligence

Security
iStock

It is increasingly common to hear about cyber threats to energy and utility industries – our critical infrastructure. These are malicious acts by adversaries that target data, intellectual property, or other digital assets.

All too often it seems as though energy and utility companies are put in a defensive position to battle it out with these cyber intruders. How can this sector switch to a more offensive position when it comes to understanding these threats? Threat intelligence is a way to make sure your cybersecurity teams can minimize the impact of a threat against your assets.

Let’s take a look at how threat intelligence can be an effective source of information for energy and utility organizations.

What is threat intelligence?

If you have an adversary threatening your system, it is a good idea to learn about who they are, why they want to attack you, and where they are most likely to attack. You also want to know if they have ever been undetected on your network or in your applications, if they are currently there, or if it is likely they will try to breach your business.

Threat intelligence is a way to collect that information and make informed and data-driven decisions on how to prepare for an attack, outright prevent the attack, and identify cyber threats. All of this helps to make your business more resilient so you can remain operational during and after a cyber incident, with a goal of every cyber incident not being a catastrophic one.

Who uses threat intelligence?

Cybersecurity is a business enabler. And, having insight into the psyche and rationale of those who want to inflict harm on your business is a good idea for your stakeholders. Albeit, the technical detail for each stakeholder will vary.

Users of threat intelligence may include:

  • SOC analysts
  • IT analysts
  • IT operations teams
  • Incident response teams
  • Development and quality assurance teams
  • C-suite including CISO
  • Board of directors

Executives and the board use threat intelligence to understand business risk, communicate with functional team leaders, and gain the ability to quickly deploy funding if appropriate to manage threats or bring on experts to assist.

Practitioners use threat intelligence to help set priorities in managing threats, verify open vulnerabilities, and be proactive with risk mitigation. Threat intelligence data is useful and beneficial beyond the team of cybersecurity professionals. Effective use of this intel helps to remove often deeply engrained silos in enterprise organizations. 

How does my business benefit from threat intelligence?

Think of threat intelligence as the data that helps to inform the decisions in managing the risk a business is willing to take. Organizations can create their own threat intelligence feeds or purchase a feed specific to their vertical market or geographic location.

Keep in mind that the raw data received from threat intelligence is significant in size, and the noise-to-frequency ratio is something that needs fine-tuning over time. Automating threat intelligence helps reduce human error, increases fidelity through pattern matching, and delivers results more quickly. Using automated threat intelligence means the right stakeholders can receive relevant and actionable information more quickly.

Overall, threat intelligence helps organizations:

  • Reduce costs associated with the impact of a breach
  • Reduce the risk of a cyber incident to steal data and disrupt business operations
  • Increase collaboration and cross-functional work of the IT, development, security, and lines of business teams

With the increase and determination of cyber adversaries, organizations are trying to become more resilient. Part of that resiliency includes having a cybersecurity team that is efficient, effective, and proactive. Threat intelligence is a smart way to understand what is going on inside your network, applications, and systems to help stay ahead of adversaries and deliver on the goal of a resilient enterprise.

For more information on AT&T Alien Labs, the threat intelligence unit of AT&T Cybersecurity, please visit here.

Related:

Copyright © 2021 IDG Communications, Inc.