Making Threat Intelligence Actionable at the Executive Level (Part 3)
September 3, 2019 • The Recorded Future Team
This is the last blog in a three-part series discussing how threat intelligence information can be communicated to C-level executives and the board of directors. In our first blog, we examined the information that security teams need to compile and communicate. In our second blog, we presented the information that the C-suite and the board can glean in reaction to the threat intelligence provided by the security team.
This blog outlines how a threat intelligence solution helps CISOs present information in a way that executives can easily interpret and act on, so that the company is prepared to defend against attacks targeting its IT assets and sensitive information.
Securing the Front Line With Threat Intelligence
The people, technologies, and processes on the front lines of your IT security program clearly play critical roles. Just as important are the high-level conversations at the C-level and among your board of directors. Only when in possession of contextualized threat intelligence can executives and board members communicate effectively.
Putting threats into context makes it possible to prioritize security risks and to approve the necessary resources so the security team can protect your company’s data and IT assets. Taking action for action’s sake is a waste of time and money; taking action based on information makes for better informed results.
But there needs to be a conduit for these conversations, and it’s usually the CISO — the connector between IT, the executives, and board members of the company. In addition to putting threats into context, the CISO is also challenged by the requirement to describe threats and to justify countermeasures in terms that motivate non-technical business leaders. Key factors to communicate include the costs, return on investment (ROI), client impact, and the competitive consequences.
The Key to Effective Conversations
Inundating executives and board members with news about every single threat is not a good way to conduct these conversations. CISOs need to leverage intelligence technologies that collect data from all internal security tools and synchronize that data with external threat information, preferably from multiple sources.
This makes it possible to put potential threats into the context of the company’s IT infrastructure and security posture. The security team can then measure just how much risk each threat poses in terms of the damage that can potentially be unleashed, along with which IT assets and data are at risk. A threat to a web server that executes transactions and stores customer data, for example, would receive a much higher priority than 10 laptops used by office visitors to check email.
Armed with this level of threat intelligence, CISOs gain powerful ammunition for discussions with executives and the board. They can report on the impact of similar attacks on companies of the same size and in the same industry, as well as on other organizations in industries with similar data sets or operating environments. CISOs can also cite trends and intelligence from the dark web that indicate whether the company is likely to be targeted by cybercriminals.
Balancing Limited Resources Against the Need to Secure the Company
The threat intelligence that the CISO delivers to the rest of the C-suite and the board needs to be both concise and timely. It’s best to provide a real-time picture of the latest threats, trends, and events in the form of a dashboard or in another at-a-glance format that clearly communicates the potential impact of a new threat.
With this information, executives and the board can more easily support the CISO in balancing limited personnel resources and technology investments as efficiently as possible when protecting against cyber threats. Contextualized threat intelligence addresses this issue by building a picture of the threat landscape, accurately calculating cyber risk, and arming your organization with the intelligence to make better, faster decisions.
Of course, CISOs should also keep in mind that ROI is often the key driver in decisions made by CEOs and board members. In a white paper published by IDC, researchers analyzed the benefits and costs related to using Recorded Future and found that over three years, organizations save approximately $24,656 per security team member when using Recorded Future, see a break-even on their investment in four months, and get a 284% ROI after three years.
Enable the Entire Company to Protect IT Assets and Data
The Recorded Future® Platform ultimately enables CISOs to keep executives and board members informed of current and emerging threats by delivering comprehensive, relevant, contextualized, concise, and timely information.
In turn, the security team can fulfill its mission to protect the company’s valuable IT assets and sensitive data. That makes finding a way to facilitate communications between the security team and company executives well worth the effort for CISOs.
To learn more about the benefits that Recorded Future can provide to organizations of all sizes, download your complimentary copy of IDC’s white paper, “Organizations React to Security Threats More Efficiently and Cost Effectively With Recorded Future.”