2019 Corporate Cyber Intelligence Best Practices

Cyber threats have the potential for enormous impacts ranging from economic repercussions to physical damage. Corporate consequences can range anywhere from reputational damage and destruction of data to loss of customers and theft of intellectual property. Successfully protecting businesses from internal and external cyber threats requires a mix of strategic and technical knowledge that typically warrants the help of an outside firm. In this sense, Corporate cyber intelligence is about mitigating a specific kind of risk facing businesses, one that requires a strong familiarity with and access to a specialized suite of software, hardware, databases, and online research methodologies to combat.

The Software Engineering Institute (SEI), a nonprofit cybersecurity research firm, is a helpful resource here. The SEI defines cyber intelligence as:

“The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities that offer courses of action to enhance decision making.”

Cyber intelligence often answers questions that arise in response to negative IT incidents: “who is doing this to us?” and “why are they doing it?” But cyber intelligence also allows for a more strategic approach and holistic assessment of the entire organization. In addition to reactive problem-solving, effective Cyber intelligence can be focused on how businesses might proactively analyze underlying organizational risks. Once threat actors are identified organizations can begin uncovering their potential motivations and targets and build out customized security measures to secure relevant data and assets. Explore and compare our top 2019 corporate cyber intelligence best practices so you can strengthen decision making through improved cyber intelligence.

Know your landscape

National park from the sky

Organizations should have a detailed account of all critical business assets to reduce cyber risk effectively. The Software Engineering Institute (SEI) defines critical assets as:

Patents Corporate financial data Customer sales information Human resource information
Proprietary software Scientific research Schematics Internal manufacturing processes
Technologies People Physical locations Copyrights

According to TechRepublic, the most prepared organizations:

  • Identify and understand their business environment’s critical assets
  • Keep a thorough log of accessibility privileges
  • Understand how and when these assets can be accessed
  • Keep tabs on new security technology like machine learning or other advanced computing measures

Critical asset identification is time-consuming, and can be provided by a risk management group that is authorized to collect pertinent info, assess vulnerability, and ensure security protocols are current. Explore what Prescient’s Vulnerability Assessment & Penetration Testing services can do for your business. The SEI maintains the the following position: “Failing to follow this practice can result in the inadequate protection of key resources, delayed response to critical breaches or data exfiltration, and impediments to mission success.”

Understanding the strengths and weaknesses across your organization’s landscape can provide insight into how effective or ineffective your current protective measures are. Assessing the environment helps establish the scope of required cyber intelligence efforts and establishes the preliminary data requirements to address potential challenges.

Think like the threat actor

Neon light symbols

Knowing your adversaries and the risks they present to your organization allows the ability to assess where current and future vulnerabilities lie. By mapping out potential adversaries, their risk level, and intent, you can begin to analyze where a potential attack may originate and consider the consequences to your business if the threat actor is successful. The SEI recommends building profiles of your top cyber threat actors and tracking them and their capabilities against vulnerabilities in your organization. “Threat actors” can mean anything from internal employees or contractors to individual criminals with access to hacking methodologies and resources.

Whether it’s a disgruntled employee looking to cause the company financial loss by selling proprietary information to competitors or a DDoS attack from a Hacktivist group that disrupts public facing services, identifying and managing threat sources is crucial to improving overall cyber intelligence.

Recruit a robust cyber intelligence team

Pink and blue sky paint

According to an SEI study, another key to success is to hire a diverse team of cyber intelligence experts to address digital threats and gaps in an organization’s cyber intelligence defense.

“A rich pool of experience and backgrounds encourages diversity of thought and new perspectives that lead to the best solutions in better defending our networks.”

Traits to look for:

  • Curiosity
  • Critical thinking
  • Willingness to learn
  • Ability to adapt
  • Analytical acumen
  • Strong interpersonal skills
  • Executive communication skills
  • Exemplary writing skills

Finding a good team fit is just as important as hiring someone with strong technical skills. Recruiters and managers will want to consider candidates with high emotional intelligence to foster a positive team culture and improved collaborative efforts.

Employees who can translate technical jargon to non-technical language will play a key role in driving forward cyber intelligence initiatives. The teams that can speak and listen to audiences at all levels within the organization and outside of it will find success and provide the most value. While some technical know-how is needed, SEI states in their report, “New hires don’t necessarily need to know the tools from the start, but with a passion for learning, critical thinkers can become extremely skilled at using them to get the right information quickly.”

Take advantage of informal networks

People having a business meeting

Now that you’ve hired a diverse and passionate team of cyber intelligence professionals, you may want to consider tapping into their informal networks. Peer to peer relationships can include people in another department of the same organization or even someone working in a different industry.

Talking to trusted peers about problems and trends, and being able to bounce ideas off of them can provide valuable feedback and may lead to insights not otherwise gleaned from inside your department. Some organizations may find their people are already reaching out to trusted contacts to validate the information. Instead of stopping the exchange, put trust in your employees and their discretion.

Focus on communicating clearly & freely

Megaphone installed on orange wall

Findings from an SEI report indicate that communicating potential cyber threats or vulnerabilities to leadership is a challenge for many organizations.

“We have recently met with organizations whose cyber intelligence teams have not briefed their boards about cyber threats in years. We have also met with cyber intelligence teams that are buried in layers upon layers of bureaucracy, making it hard for them to get the right data to the right level of leadership in a timely manner. Some cyber intelligence teams report to leaders who lack any technical background, or leaders from law enforcement backgrounds who are overly focused on threat attribution.” – SEI report

Communication tips:

  • Reconsider presentation tools and visuals used to demonstrate results and findings to your C-Suite, board, and beyond. Are they visually compelling? Is the data displayed in a manner in which the audience relates?
  • Ask for transparency into executive officers and board members’ business priorities to provide reports that help them understand how cyber intelligence impacts their business goals and objectives.
  • Champion a culture of collaboration to manage increasing business risks. It doesn’t hurt to end with good news.
  • Cyber intelligence leadership should be in direct communication with the corporate board and not rely on monthly or quarterly meetings as the sole touchpoints.

By contextualizing cyber intelligence needs in terms your audience can easily understand, the cyber intel team can help all levels of their organization understand the tactical, operational, and strategic risks their business faces.

Do you have your own cyber intelligence best practices? Share them with us on Twitter and LinkedIn.