The ability of compliance teams to support budgets for governance, risk, and compliance (GRC) depends on data derived from threat intelligence.
It is estimated that compliance drives 50% of the spending in the cybersecurity industry. Some organizations recently said that threat intelligence was not typically taken into account by compliance frameworks. This was primarily due to a lack of identifiable metrics, to noisy data feeds, and to a lack of actionable intelligence pertaining to the customer’s pain points.
Organizations use the National Institute of Standards and Technology (NIST) Framework to evaluate their current security posture, agree on organizational goals, recognize their gaps, and create plans to improve their security posture. Organizations can use this framework to demonstrate how important threat intelligence is for CISOs and security practitioners who are in charge of incident response, security operations, and third-party risk, as well as for compliance personnel who must defend the GRC budget.
Asset Control
A catalog of external information systems is kept. The monitoring of external digital footprints by service providers helps them spot new resources and services. The three most typical use cases for perimeter monitoring, or external attack surface management, are open RDP ports, shadow IT devices operating outside of firewall policy, and unauthorized file shares communicating with the IT environment.
Risk Evaluation
ID.RA-1: Vulnerabilities of the asset are identified and recorded. External assets also need to be continuously monitored and assessed to identify vulnerabilities and determine the likelihood that an actor will exploit those vulnerabilities, even though this sub-category is typically intended for internal assets being monitored for misconfiguration.
ID.RA-2: Information about cyber threats is gathered from sources and information-sharing forums. Threat intelligence and managed service providers can gather data on potential threats by having access to the dark web and open-source forums, including social media.
In order to do this, the web is typically crawled to find stolen credentials on the Dark Web, locate social media impersonations, evaluate physical threats to personnel or facilities, find negative brand and reputation sentiment, and, if necessary, engage directly with threat actors.
ID.RA-3: Both internal and external threats are identified and documented. External threats could include cybercriminals who offer access to an organization’s data for sale or ransomware groups that target specific organizations. By keeping an eye out for malicious activity (such as employees selling access or data on criminal forums) and unauthorized external file sharing, intelligence providers can help with potential insider threats.
ID.RA-4: The likelihoods and potential effects on business are identified. The likelihood of external threat activity can be determined by intelligence, which can also provide context. For instance, context about particular ransomware families can be provided to see if detection tools can recognize their payloads without encrypting files. The analysis of the overall business impact can take this context into account.
ID.RA-5: Risk is assessed using threats, vulnerabilities, likelihoods, and impacts. Threat landscape assessments can be used to determine the overall risk to businesses by taking into account threats, vulnerabilities, and the likelihood of threats. A threat landscape should, for instance, cover an enterprise’s business locations as well as global geopolitical activity. Activities involving cyber, physical, insider, crypto/digital, and supply chain threats involving important vendors are of particular interest. To enable leaders to adapt as threats evolve, intelligence agencies seek to identify current and escalating threats.
Supply Chain Administration
ID.SC-2: Using a cyber supply chain risk assessment process, suppliers and third-party partners are identified, prioritized, and evaluated. Threat intelligence providers use attack surface and reputation monitoring tools to monitor the internet for critical suppliers. After ranking its suppliers by importance (critical, medium, and low), an organization should conduct threat intelligence monitoring and RFI responses for critical suppliers whose data and services reside outside of the enterprise’s perimeter and could present a higher probability of compromise (e.g., MSPs).
ID.SC-4: To ensure that suppliers and third-party partners are fulfilling their contractual obligations, routine assessments such as audits, test results, and other evaluations are conducted. To ensure that audits, test results, and questionnaires are reliable, managed service providers and threat intelligence providers should ideally continuously monitor the internet.
For legal and compliance reasons, vendor questionnaires should be regarded as the starting point in third-party risk assessment. However, especially for high-risk vendors, these questionnaires should be validated and contextualized with threat intelligence.
As discussed above, threat intelligence programs can easily be justified by augmenting cybersecurity and compliance programs with actionable intelligence that complements them and adds insight. It is a useful strategy that more enterprise organizations should adopt.