More Resources Needed For Cyber Threat Intel

CYBERSECURITY

More Resources Needed For Cyber Threat Intel

4/25/2017
By Yasmin Tadjdeh

Photo: Getty

To help better thwart attacks against its networks, government and industry must invest more funding and resources into gathering cyber-threat intelligence, according to a report.

“For much of the past, cybersecurity measures have focused on looking internally at the vulnerabilities of an enterprise network. While this will continue to remain important, we will not obtain substantial improvement in cybersecurity of our infrastructure until we adopt an approach that is focused on the adversary,” said Paulo Shakarian, a cybersecurity fellow at New America, a Washington, D.C., based think tank, in his new report titled, “The Enemy Has a Voice: Understanding Threats to Inform Smart Investment in Cyber Defense.”

Technical defense measures — such as anti-virus software or firewalls — alone will not stop attackers, he said. Instead, companies must focus on also gathering intelligence on adversaries.

“Obtaining high-grain intelligence on the activities of malicious hackers is a manpower-intensive task requiring many analysts. As a result, firms that provide this as a service today have yearly price tags into the seven digits,” he said.

This inherently puts small- and mid-tier companies at a major disadvantage, he said. Large Fortune 500 companies can sometimes have 50 to 100 employees just working on cybersecurity, he noted. For small and medium-sized businesses, it could be five employees or less.

“This is not to say that across the board they are doing a bad job or ignoring that intelligence,” said Shakarian, who is also the CEO and co-founder of Cyber Reconnaissance, a Phoenix, Arizona-based cyber intelligence company. “There are many very good medium-sized and small businesses that have come up with novel and cost-effective ways to handle this problem through a combination of technology and outsourcing and hiring the right people.”

However, because these companies are generally less protected, they may be targeted by hackers and used as “launching pads,” he said. This can affect larger prime contractors who work with these companies, he added.

Shakarian noted that there are various tiers of cyber-threat intelligence including situational awareness, proactive intelligence or “the identification of an imminent threat to an organization,” understanding enemy capabilities and collecting information regarding malicious hacking communities.

It is expected that the cyber-threat intelligence industry will be valued at $5.5 billion by 2020, the report found.

Topics: Cybersecurity, Doing Business with the Government, Budget

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES