RSA released new insights from a group of the world’s leading CSOs, designed to help corporations and governments improve visibility into advanced threats ranging from industrial espionage and disruption of business and financial operations to sabotage of corporate infrastructure.
The research report is the ninth in a series from the Security for Business Innovation Council (SBIC), and provides both business and technology executives with specific recommendations on how to develop an intelligence-driven approach to counter advanced threats.
Based on the real-world experiences of 17 top global information security leaders, the report provides a playbook for enterprise security executives who wish to leverage the universe of intelligence data available to help detect, predict and mitigate cyber attacks.
“The day-to-day use of cyber risk intelligence is no longer just for government agencies – it’s a required competency for corporate survival,” said Art Coviello, Executive Chairman of RSA. “The tempo and serious nature of recent attacks calls for urgent and bold countermeasures that position organizations not only to detect advanced threats, but also to predict how attacks may occur so they can take steps to help mitigate risk and impact. Combating advanced threats requires a new security mindset and vastly improved practices for gathering, sharing and acting on cyber risk intelligence.”
New defense doctrine for advanced threats
The SBIC is a group of top security leaders from Global 1000 enterprises convened by RSA to discuss top-of-mind security concerns and opportunities. In the group’s latest report, “Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security,” the Council advocates for a new defense doctrine for combating advanced threats.
Called “intelligence-driven information security,” this collaborative, big data approach includes:
- The consistent collection of reliable and actionable cyber-risk data from a range of government, industry, commercial, and internal sources to gain a more complete understanding of risks and potential exposures.
- Ongoing research on prospective cyber adversaries to develop knowledge of attack motivations, favored techniques and known activities.
- The growth of new skills within the information security team focused on the production of intelligence.
- A process for efficient analysis, fusion, and management of cyber-risk data from multiple sources to develop actionable intelligence.
- Full visibility into actual conditions within IT environments, including insight that can identify normal versus abnormal system and end user behavior.
- Informed risk decisions and defensive strategies based on comprehensive knowledge of the threats and the organization’s own security posture.
- Best practices to share useful threat information such as attack indicators with other organizations.
“It can be hard to digest having to develop a multi-year plan to learn who your adversaries are and how they’re going to steal from you,” said Tim McKnight, Vice President and CISO, Northrop Grumman. “Quarter-by-quarter, you may not see any losses. It could be years until you see the losses – when all of a sudden, out of the blue, a company in another part of the world becomes the leader in your space, having subsidized itself with your R&D investments.”
The Council’s new report lays out a six-step roadmap to achieving intelligence-driven information security:
Step 1: Start with the basics
Inventory strategic assets, strengthen incident-response processes and perform comprehensive risk assessments.
Step 2. Make the case
Communicate the benefits of an intelligence-driven security program to executive management and key stakeholders. Identifying “quick wins” to prove value out of the gate is essential for gaining broad organizational support, including funding.
Step 3. Find the right people
Look for professionals who can blend technical security acumen with analytical thinking and relationship-building skills.
Step 4. Build sources
Determine what data from external or internal sources would help detect, predict or lessen the chances for a targeted attack; evaluate sources on an ongoing basis.
Step 5: Define a process
Codify a standardized methodology to produce actionable intelligence, ensure an appropriate and timely response and develop attack countermeasures.
Step 6: Implement automation
Find opportunities to automate the analysis and management of large volumes of data from multiple sources.