10 Threat Intelligence Goals for Financial Institutions
Russell Pierce, vice president of cybersecurity and threat intelligence at Regions Financial Corporation, recently shared his experiences with building a threat intelligence program, and how Recorded Future contributes to its overall success.
Times Have Changed
The introduction of the Internet and online banking has had a dramatic impact on the financial services industry. Prior to the web, it was easy for financial organizations to secure information but difficult to reach customers. Today, ease of use is a major competitive factor, and any organization with an eye towards growth is using the web for customer transactions and engagement.
Financial organizations’ infrastructures, too, are connected to the Internet – and to third-party partners’ Internet-connected infrastructures – leaving everyone more vulnerable to more risks than ever before. Like other industries, financial systems that previously had very defined perimeters are now perimeter-less. With the stakes so high, the finance industry has had to look for new, proactive ways to protect their systems and the information contained within them.
It’s not enough to just implement new controls and technologies around the systems, though; smart organizations are dedicating teams to look in the deep crevices of the web for detailed information on threats to their environments. World news and events, potentially controversial company announcements, new executive appointments, industry and partner breaches, industry-specific malware — all of these and more can indicate a risk, and analysts need to find the intelligence that must be acted upon to protect the company and its customers.
The wealth and scope of available information can be overwhelming for intelligence analysts, however. While in the past actionable and credible threat intelligence could be elusive, now information can be found online anywhere, at any time, in any language. With the volume of information and limited resources and budgets, organizations need to be strategic in their intelligence gathering.
But how can your company’s analysts sort through the noise to find the right threat intelligence?
During a recent webinar, Russell Pierce, CISSP, of Regions Financial Corporation shared how organizations can use Recorded Future as part of their comprehensive cybersecurity program. By applying real-time threat intelligence from the open web to improve defenses against cyber threats, companies can:
- Navigate from intelligence objectives to intelligent decisions.
- Apply open source intelligence (OSINT) to better prioritize threats.
- Save time and money by strategically focusing threat intelligence capabilities.
Why Is This So Hard?
Complicating matters further, the web has layers and is constantly in flux, which means analysts and researchers need to be looking at more sources than ever before, including:
- World Wide Web: Surface layer, public, easily accessible
- Deep Web: Not searchable, dynamic, private, ephemeral
- Dark Web: Custom protocols, legal issues
- CSINT: More likely to be structured and costly
- In-House: Internal, mostly structured, trusted, free
While all of these sources supply threat information, some of it can be difficult to access and, in some cases (i.e. the dark web), poses risks just by being accessed. Nonetheless, threat information is everywhere and organizations must be smart about threat information collection.
Because this plethora of information can be overwhelming, even for the most sophisticated and resourced risk and threat intelligence teams, Mr. Pierce recommends companies prioritize threat intelligence goals. Ranked by importance and proximity, he suggests companies assess threats according to how they affect Your Company, Your Industry, and Your Internet.
Top 10 Threat Intelligence Goals
The top four threats, said Mr. Pierce, are those risks to Your Company:
- Direct risk (targeted or named; institutional vulnerabilities)
- Indirect risk (vendor, service, or technology dependencies)
- Actors, campaigns, tools, or tactics that targeted your company or sector
- Internal inquiry (leadership, corp communications, or technical areas)
Since many cyber attacks occur as a result of indirect threats, risks, or vulnerabilities, companies must be aware of what’s happening in the industry. A large company or group of companies in Your Industry being hit with targeted malware, for instance, is a good indication that trouble may be brewing for your company, too:
- Affecting multiple companies in your sector
- Affecting a large company or leader in your sector
- Affecting a direct peer (by market size, holdings, or geography)
Rounding out Mr. Pierce’s top 10 intelligence goals are threats to Your Internet:
- Mass campaign (widespread, significant volume, or high level of success)
- Has, or expected to have, significant media attention (inquiries expected)
- New or significant actors, campaigns, tools, or tactics
Being strategic and setting your threat intelligence goals is a good first step towards driving down risk to your organization. While a comprehensive threat intelligence program is composed of many elements, Mr. Pierce emphasized how integrating tools and technologies – including Recorded Future – is a major asset to information discovery. Recorded Future supplies:
- An enriched dataset from over 700,000 web sources.
- The ability to collect threat information in seven languages.
- A fast method of getting to "Your Destination."