Cybersecurity experts recently sat down to discuss the need for organizations to better integrate their fraud detection and cyber-threat intelligence practices, and the important role that automation plays.
At our recent CISO Champions US event, we hosted a fireside chat that explored intelligence-driven fraud mitigation tactics and strategies. Under discussion was the need for organizations to better integrate their fraud detection and cyber threat intelligence practices, and the role that automation can play.
Threat Intelligence Is A Data Game
There is now a huge emphasis on cybersecurity within organizations. However, those organizations mustn’t ignore the fraud aspect, said David Goodpaster, associate vice president for TD Bank’s Cyber Intelligence Centre.
Goodpaster said fraud actors will extort an organization, steal and sell their data, or steal funds from the company. As such, Goodpaster said organizations must follow the kill chain down the line to look at post-exploitation – what actually happens after a successful attack? It is, he said, a data game from an intelligence perspective.
“There’s vast troves of data that you can bring into your environment; the challenge is how do you analyze it, and then how do you pull meaningful insights from that to protect your organization?” said Goodpaster.
He continues: “You don’t have to build a separate fraud intelligence team, because a lot of efficiencies can be found in the intelligence data sets you’re already receiving. You can do the analysis; you can look into that fraud kill chain and leverage some of that for some efficiency.”
Automating Threat Intelligence
With commoditized malware and many threat actors selling their wares across the dark web and different forums, a whole underground cyber fraud economy now exists. So how do you tackle that threat? The first thing is to establish your intelligence collection requirements.
“What are those things that are most likely to impact your organization? Whether it’s understanding the critical technology assets you have, a particular vulnerability or an exploit coming out,” said Goodpaster. “Then once you map all that out, you can set up prioritization.”
“Intelligence is there to better protect and tune your systems as much as possible in an automated way with what you’re learning,” he continues. “There are different technologies to enable this, but the key is hooking that intelligence into your organization’s detection systems.”
For cybersecurity executives, the key is to understand which platforms you have in place and how you integrate the intelligence that you’re receiving. Once you have done that, you can automate that intelligence into your defensive platform so you can operate at scale and at speed.
Intelligence Investment Is A Balancing Act
Where should organizations start when it comes to investing in an intelligence program? Many organizations find it a balancing act as they judge how best to spend their finite budgets on a mix of platforms, people and technology.
“Where you spend that money is going to depend on your organization. The first thing is, have you done the proper prioritization? That will help you understand if you’re getting out of your intel program what you should,” said Goodpaster.
“Ultimately, you have all this data – intelligence suppliers you’re paying for or free intelligence sources – how do you automate and get the full value out of that data set? That’s the key piece and you’re only going to get that through automation,” he continues. “If you look at NIST, there’s some great kind of guidance and will give you a little bit of that roadmap if you’re not really sure where to turn.”
A Fine Line Between Business And Protection
It is also important that organizations consider the viewpoint of ‘non-intelligence people’, as it will be these individuals implementing the system in-house.
“Intelligence is becoming sexy, but we keep forgetting that we need to take into perspective the IT people, the people that would actually do the configuration. The people that probably have the context, which is becoming more and more of a key term,” said Omer Carmi, VP of Intelligence at cyber intelligence company, CyberSixgill.
“You cannot lose sight of who your ultimate end client is and understand what you’re there to protect against and how you materially reduce that risk,” added Goodpaster. “Security is a fine line between business and protection. How do we reduce that risk to an acceptable level as we operate within this environment to protect our organizations and our clients? That’s key.”
Education Is Essential For Stakeholders
There are some best practices to follow for any organization looking to leverage intelligence in the fight against fraud. Firstly, it is important that intelligence providers convey what resources are available to the stakeholders or board.
“They need to be assured that everything that we as practitioners are doing is 100 percent in line with their targets, their strategy, their scope of business,” said Carmi.
Secondly, many stakeholders’ roles are a mix of strategic, operational and tactical focus. Each of them is its own discipline and should be treated as such. However, the most important aspect is education.
“One of the key things that we as practitioners need to do is to educate other stakeholders,” said Carmi. “We need to educate the board on what threat intelligence is, and what the current trends are. Awareness is something that many disregard because it’s not very sexy. But awareness is super important; awareness drives budgets, awareness prevents human errors.”
- Organizations should analyze data and extract meaningful threat intelligence insights
- Automation is key, as in integrating intelligence into your organization’s detection systems
- To manage risk, you have to be educated on it – from senior leaders to the individual employee