Contextual Threat Intelligence: How CISOs Can Level Up Their Cyber Defenses
For many years, business leaders have emphasized the need for customer intelligence. By looking at customer behavior and motivations, organizations make more strategic and data-driven business decisions. Cybersecurity leaders now have the same opportunity.
Accurate and timely analysis of the behaviors and motivations of threat actors can help infosec leaders make more strategic cyber defense decisions. To make such information more easily consumable and readily available, the BlackBerry Research and Intelligence Team has launched a new contextual cyber threat intelligence (CTI) subscription service.
“CTI is like the names of the roads and locations on a map,” says BlackBerry Vice President of Threat Research and Intelligence Ismael Valenzuela, in a recent episode of the BlackBerry LIVE podcast series. “It is an apt analogy, for without those names it would be much harder to know whether the decisions you make move you closer to your desired destination.”
BlackBerry designed this service to bridge the gap between threat research and business decision-making. Delivered on a quarterly basis, the BlackBerry® CTI service provides subscribers with tailored threat intelligence along with actionable insights and recommendations to bolster the cyber resilience of an organization. Regardless of their size, organizations will have access to customized reports with timely data as well as tactical, operational, and strategic information in a form CISOs can easily consume.
The following is a partial transcript of the discussion, edited for brevity, between BlackBerry Editorial Director Steve Kovsky, Vice President of Threat Research and Intelligence Ismael Valenzuela, and Most Distinguished Threat Researcher Dmitry Bestuzhev.
Steve Kovsky:
Dmitry, you've been at the forefront of this field for many years. Why is threat intelligence so important to organizations today?
Dmitry Bestuzhev:
Well, that is because it is not just about malware anymore, like it used to be 15 or 20 years ago. Now we see that malicious code is just a vehicle, a weapon, one of many used to target companies and end consumers.
But when we speak about weaponry, we should understand that there's someone behind it. They could be a lone wolf, an organization-sponsored threat actor, or a nation-state group of cybercriminals. They all have reasons to attack — a “why.” And we need to better understand this.
We also need to understand the tooling of the weapons they use. How can we anticipate those attacks? What strategies should we take to lessen the risks, to build detection capabilities not based on products, but based on visibility and actionable intelligence extracted from the analysis of campaigns and those threat actors?
[Malicious actors] will continue to throw things at us until they achieve their goals, and they may change their techniques and tactics. So understanding the underlying reason why you're being attacked, and what they're trying to achieve, can help you.
Steve Kovsky:
Ismael, there are some organizations that don't think CTI applies to them or don't think that it's something they can use. How does it scale? Is it only for large organizations or is this something that a company with even one, two, or three security folks on staff could benefit from?
Ismael Valenzuela:
That's a very good question. I’ve been talking with CISOs about this for many years and it's a common misconception among smaller companies that threat intelligence is not for them.
You may not think you need to know whether an attack is coming from, let’s say Russia or China. But we want to know that, and actually, it adds context. That information alone may not seem that helpful — unless you were a three-letter agency or working in law enforcement. You're not going to prosecute anybody. But the reality is that knowing who's behind an attack helps you to understand their motivation.
At the end of the day, we're dealing with humans. If we reduce it to just the malware, you're removing the human aspect, the geopolitical aspect, and the economic or military factors that drive somebody to launch an attack against another organization.
Understanding this is important to any business, no matter the size, because every business needs to have cyber resilience. And what is that? Well, that's not about being 100% impervious to being attacked. Let's face it, you cannot do that. Everybody's being attacked all the time, and nobody can avoid that.
What you can do is be resilient. That's why building threat models and risk assessments are very important. Having an idea of, okay, what's the worst thing that can happen to me? Is my business able to withstand these attacks? Able to recover from them? Able to adapt?
And that's where CTI is important — because it gives you the information that a CISO needs to stay on course to their desired destination.
More on Contextual Threat Intelligence
For additional highlights on the value of contextual threat intelligence, watch our recent episode of BlackBerry LIVE.
For a more in-depth discussion, you can watch the BlackBerry Security Summit 2022 session Anticipating Cyberattacks With Contextual Threat Intelligence on demand.
Contextual CTI is a chance for cybersecurity to take a page out of the playbook of business leaders and make more strategic and effective decisions moving forward.