Cyber threat intelligence to the rescue?

Verizon’s 2015 Data Breach Investigations Report (DBIR) calculates the average cost of a breached data record at 58 cents (US). This was calculated by dividing the estimated financial losses (approximately USD$400M) by the number of compromised records (approximately 700 million), after careful research with 70 global organisations.

In 60% of cases, attackers are able to compromise an organisation within minutes.

Given the escalating costs and frequency of these breaches, numerous threat intelligence companies and communities have begun to emerge, providing resources for proactively combating information security threats.

The DBIR dissected the value of threat intelligence and whether threat sharing was as helpful as expected as more organisations and governments “jump on the sharing bandwagon”.

The Verizon team compared intelligence sharing with the concept of “herd alertness”, similar to the way in which animals warn each other when predators are nearby. This concept, Verizon argues, would require that intelligence be shared at a faster rate than the spread of attack in order to successfully warn the rest of the herd.

Analysis conducted by RiskAnalytics shows that, in 75% of the cases, attacks spread from one victim to the next within 24 hours, with more than 40% hitting the next target in less than an hour.

“That puts quite a bit of pressure on us as a community to collect, vet, and distribute indicator-based intelligence very quickly in order to maximize our collective preparedness,” the DBIR reveals.

Even if it were possible to share this intelligence as fast as necessary, it is likely that some of the threat indicators wouldn’t remain valid for a sufficient length of time. Although the Verizon report admittedly didn’t have sufficient data from enough threat intelligence agencies to make conclusive findings about how valuable threat intelligence was, it did acknowledge that threat intelligence can assist with identifying and inhibiting the spread of threats of a more opportunistic, high-volume and volatile nature.

The overall takeaway from Verizon’s research underscores the importance of closing the gap between sharing speed and attack speed.

Anything that leads to the discovery of an incident is worthwhile. vsRisk™ is a cyber security risk assessment software tool that helps you to identify, evaluate and assess your risks, and provides a set of seven different control sets that you can apply to mitigate those risks, including ISO 27001, the PCI DSS, NIST SP 800-53 and ISO 27032 (cyber security controls).

Find out how to use vsRisk by watching our tutorials here.

 

Leave a Reply

Your email address will not be published. Required fields are marked *