By Zane Pokorny, 20 September 2018
- Before your organization can make the most of the threats you generate, you must have a good sense of three things: your goals, resources and capabilities.
- The ambiguous risks are often the most damaging for organizations that do not have a plan properly aligned with these three factors.
- Our new Threat Intelligence Gradient provides a tool to assess the maturity of your organization's threat information.
Good threat intelligence takes introspection
Imperfect information, fog of war, hypocognition – whatever you want to call it, the problem of incomplete knowledge afflicts the security professionals of each band. In particular, cyber threats continue to become more pernicious, with attacks that seem to come without warning, are difficult to ascribe and sometimes cause devastating damage.
The goal of threat intelligence is to provide external knowledge and contexts to help keep you safe from these cyber attacks. But the effective application of threat intelligence also requires a good deal of introspection. Before focusing on the acquisition of information that you can take action on, you need to understand the goals, resources and capabilities of your organization.
Developing the right level of self-awareness is difficult, especially when it comes to measuring one's ability to deal with ambiguous risks. Mastering the intelligence bases of threats sometimes leads organizations to believe they are prepared for even bigger threats – an often mistaken assumption that can lead to catastrophe.
Management of ambiguous risks
An in-depth study conducted by the Harvard Business Review found that some of the most damaging events emerged in circumstances where the warning signs were ambiguous and their potential for harm was unclear. In these cases, and in many fields, managers have often taken a more conservative approach to reclamation.
In other words, they did not do enough.
Whether it is confirming errors or excessive security, it is common for organizations that do not have a well-designed emergency response plan to not adequately judge the severity of threats.
According to the same study, organizations that successfully navigate ambiguous threats "do not improvise during a recovery window, but rather rigorously apply a series of detection and response capabilities that they have developed and practiced in advance."
However, preparation should not be considered synonymous with rigidity. In fact, organizations often respond more rigidly to threats when they do not have enough data and practice. "Faced with vague evidence," reads the study, "we often intensify our commitment to current lines of action, particularly when we have invested a lot of time and money on them."
Evaluation of threat intelligence capabilities
That's why it's so important to determine in advance how effectively your organization is using its threat intelligence: the more you are able to exploit your intelligence in an effective, more flexible and faster action, your team will be able to start and respond to real threats when they happen. For example, registered customers of Future are able to identify threats 10 times faster using real-time threat intelligence.
We have developed a threat information selector to tell you exactly how you are. Whether you're just beginning to integrate threat intelligence into your organization's IT security efforts, or if you already have an advanced program, it should help you determine what your strengths are and what areas you need to focus on. We ask questions like:
- Who in your organization is consuming threat information?
- How does your organization gather technical, open web and dark web sources?
- How does your organization generate intelligence reports on finished threats?
Evaluation is quick, but both the final score and the questions themselves will help you to examine more critically the parameters we have mentioned above: the objectives of your organization, its resources and its capabilities.
To assess the maturity of your organization's threat information, try our Grader today.