More Resources Needed For Cyber Threat Intel
To help better thwart attacks against its networks, government and industry must invest more funding and resources into gathering cyber-threat intelligence, according to a report.
“For much of the past, cybersecurity measures have focused on looking internally at the vulnerabilities of an enterprise network. While this will continue to remain important, we will not obtain substantial improvement in cybersecurity of our infrastructure until we adopt an approach that is focused on the adversary,” said Paulo Shakarian, a cybersecurity fellow at New America, a Washington, D.C., based think tank, in his new report titled, “The Enemy Has a Voice: Understanding Threats to Inform Smart Investment in Cyber Defense.”
Technical defense measures — such as anti-virus software or firewalls — alone will not stop attackers, he said. Instead, companies must focus on also gathering intelligence on adversaries.
“Obtaining high-grain intelligence on the activities of malicious hackers is a manpower-intensive task requiring many analysts. As a result, firms that provide this as a service today have yearly price tags into the seven digits,” he said.
This inherently puts small- and mid-tier companies at a major disadvantage, he said. Large Fortune 500 companies can sometimes have 50 to 100 employees just working on cybersecurity, he noted. For small and medium-sized businesses, it could be five employees or less.
“This is not to say that across the board they are doing a bad job or ignoring that intelligence,” said Shakarian, who is also the CEO and co-founder of Cyber Reconnaissance, a Phoenix, Arizona-based cyber intelligence company. “There are many very good medium-sized and small businesses that have come up with novel and cost-effective ways to handle this problem through a combination of technology and outsourcing and hiring the right people.”
However, because these companies are generally less protected, they may be targeted by hackers and used as “launching pads,” he said. This can affect larger prime contractors who work with these companies, he added.
Shakarian noted that there are various tiers of cyber-threat intelligence including situational awareness, proactive intelligence or “the identification of an imminent threat to an organization,” understanding enemy capabilities and collecting information regarding malicious hacking communities.
It is expected that the cyber-threat intelligence industry will be valued at $5.5 billion by 2020, the report found.