For agency officials looking to build greater resiliency into their IT operations, security experts stress the growing importance of adopting sound cyberthreat intelligence practices to get out ahead of security risks, according to a new report.
Government agencies at all levels face a wide range of cybersecurity challenges. However, using advanced intelligence about the adversaries likely targeting your agency, and the tactics they’re most likely to use, can be instrumental in shrinking the time between incident and response, according to the report from FireEye.
The new briefing document gives IT security teams and leaders recommendations on how to shift from a reactive posture to a proactive approach by incorporating cyberthreat intelligence into daily IT operations.
“At the end of the day, organizations are not in business to defend themselves. They have a different mission. For cyber, every organization needs to mitigate the right amount of risk in the most effective and cost-efficient way. And that means they have a focus on the threats that matter the most,” said Tom Topping, FireEye’s senior director of federal strategic programs and initiatives.
Cyberthreat intelligence is one resource that gives a high return on investment, by helping agencies focus on the threats that matter most, he said. But to achieve a higher return, agency officials need to ensure that their threat intelligence meets four criteria:
- Is it relevant to your organization?
- Is it timely?
- Is it accurate?
- Is it presented in a way that’s actionable?
Cyberthreat intelligence helps agencies know if they are at risk to become victims. The most valuable intelligence won’t only tell you “what has already happened elsewhere, but what may be happening today or tomorrow,” added Tom Guarente, senior director at FireEye.
By detecting specific types of attacks that adversaries are using on organizations similar to your own, IT security leaders can leverage their resources more effectively. Agencies won’t be able to protect everything all the time, but if their focus remains on the most critical data and systems, they can deter threat actors from doing serious damage.
“Today, the name of the game is effective and efficient use of time and resources to focus on the actual threats and threat actors targeting your organization,” the report states.
When intelligence can instigate conversation with leadership on risk management, it can assist to shifting budget dollars to those on the front line of attacks.