Do you use threat intelligence? Are you getting the value you expected?It\u2019s a crowded space swirling with confusion. I don\u2019t write about it often because it\u2019s hard to sift through the jargon to get down to what actually matters.I recently had the chance to talk with Josh Lefkowitz, the CEO and Co-Founder of Flashpoint. Josh spent the majority of his career focused on applying intelligence to support counterterrorism. During our conversation he talked about pivoting from threat intelligence to business risk intelligence.It clicked with me.I was so excited about the pivot that we invited him as guest on Startup Security Weekly (episode 19). It\u2019s an interview I\u2019ll watch again just to take notes. \u00a0After the discussion and interview, I invited Josh to share his insights on how security leaders can cut through the confusion of threat intel and pivot to business risk intelligence.Why is there so much confusion about threat intelligence?One of the biggest challenges, honestly, is that there are so many convoluted definitions of threat intelligence due to a mix of poor understanding, mixed marketing, and would be intelligence vendors with little to no true intelligence vision or leadership. Because the definition of threat intelligence has become so vague, it\u2019s making it even more difficult for security and intelligence practitioners to determine exactly what intelligence \u2014 if any \u2014 they are actually getting.The three primary problems I see are:Open web \u201cintelligence\u201d is not intelligence. It is data.Too many people are touting \u201cfull coverage\u201d of the deep and dark web based on automation or spidering, and that is not achievable with those methods.This notion of predictive intelligence based on analyzing the past is creating false expectations for buyers who later realize they aren\u2019t getting new information.Threat intelligence must improve risk profiles and the ability to manage risk -- not just in cybersecurity operations, but also physical security and supply chain risk, among others -- in order to make better decisions. And if it can\u2019t do that, then that uninformed \u201cdata\u201d otherwise described as intelligence just wastes time and resources. More data does not equal better intelligence. However, contextual intelligence derived from deep and dark web data can deliver truly invaluable insights for better decision-making when gathered and processed correctly, securely, and by individuals with ample skills.That means understanding what is actually important to the organization. How do you figure that out?No company is alike, regardless of the same industry, size, geography. They all have different business and security challenges, and even profiles of executives, so they need to be treated as such. It\u2019s always best to start by analyzing their unique needs and challenges to provide contextual intelligence versus just data. In our case, during a new customer\u2019s first 90 days, we work together with their teams to evaluate their current cyber intelligence collection capabilities, assess what is mission critical to the organization, and then turn these needs into intelligence requirements.We also discuss relevant emerging threats to their industry, geography, and supply chain. Since there are countless ways to approach and develop a Business Risk Intelligence program, we try to be as comprehensive and proactive as possible. It\u2019s also very important for us to be in constant communication with our customers. We all know that threats and breaking research findings occur often in this industry, so we need to make sure our customers are always as informed as possible. This includes ensuring they have direct access to our multilingual intelligence analysts, as well as welcoming them into our customer community \u2014 a close-knit, trusted network of peers and industry-specific security professionals that fosters sharing and collaboration in real-time as threats emerge.It boils down to asking, \u201cWhat decisions do you want to make better?\u201d Can you offer some examples?This relates to the onboarding process, and how different every organization is and needs to be treated as such. Just as individuals have unique needs and require a sensitivity to their perspectives when making decisions, so do organizations. Whether an organization has an entire department of seasoned intelligence analysts, or a smaller team that needs more daily support, it demands a mix of the right people, data, and technology.In one example involving supply chain risk, Flashpoint\u2019s intelligence derived from an underground community revealed a vulnerability pertaining to an upstream supplier of medical software used by over 100 U.S.-based hospitals and health care facilities. We were able to provide early warning to organizations relying on the software to manage sensitive patient data and communications, thus creating an opportunity to mitigate risk prior to an incident.The second example addresses physical security, which is too often overlooked in the context of cyber threat intelligence. As the overlap between the cyber and physical threat landscapes expands, threat actors active in illicit online communities pose serious risks to organizations\u2019 physical security. But, as most enterprise physical security teams lack visibility into the cyber threat landscape and vice versa, organizations often are not fully aware of relevant physical threats.When this particular customer had a high-profile executive from a Fortune 100 company plan to attend a popular public event, the company\u2019s physical security teams used our Business Risk Intelligence to identify and investigate previously-unknown threat actors located in the vicinity of the event. This visibility enabled security teams to leverage a threat-based approach by deploying resources in priority areas to protect their executive and reduce risks to physical security.What is the difference between threat intelligence and business risk intelligence?The reason we talk about Business Risk Intelligence, or BRI, is that it broadens the scope of cyber intelligence beyond threat detection to provide relevant context to business units not traditionally afforded the benefits of intelligence derived from the deep and dark web; BRI goes beyond the empty \u201cdata\u201d of other claimed intelligence offerings we spoke about earlier. It also requires highly skilled deep and dark web teams with the ability to go far beyond automation in exploring the dark web to support our clients.\u00a0BRI was developed to better serve organizations\u2019 diverse needs by addressing a gap in the cyber intelligence market. This gap emerged years ago after cyber intelligence\u2019s role as a fundamental necessity was initially established within corporate America under the recognized label of Cyber Threat Intelligence (CTI). The CTI function facilitates a highly-reactive approach to security, as it is largely anchored across industry verticals by way of Indicators of Compromise (IoCs). It\u2019s important to note that since CTI was developed solely to serve cybersecurity teams, it does little to support other business functions or foster cross-enterprise collaboration.\u00a0BRI\u2019s widespread versatility enables organizations to not only bolster cybersecurity but also confront fraud, detect insider threats, enhance physical security, assess M&A opportunities, and address vendor risk and supply chain integrity. Organizations with robust BRI programs have successfully gained an increased understanding of the impact, relevancy and corresponding business risks from malicious insiders, hacktivist groups, nation state and cyber threat actors, and radical jihadists.How can a security leader embrace and get ahead of this opportunity?Many of our current customers are thought leaders in their own right, in how they have stepped up to implement BRI programs in their organizations. Some have used the intelligence and RFIs that we provide to them to create their own internal \u201cfusion centers\u201d for intelligence sharing, not only within their intelligence or cyber teams, but their physical security, legal, and other teams that could be privy to third-party risk. For our customers, some of this is driven by the the community we have invited them into, which I discussed earlier, and they have based some of their internal sharing on our sharing model. Sometimes this includes an FYI on industry happenings they might\u2019ve missed, or more often it includes very enriched intelligence reports. I\u2019ve seen this also foster cross-company collaboration, where companies in similar sectors enter into discussions about our reports and share information that they have seen, in order to best protect their industries as a whole.While business can be competitive, true security leaders understand that there\u2019s no room for intelligence \u201choarding\u201d when it means a safer landscape for everyone potentially impacted by an actor or cyber threat.