The COVID-19 pandemic has been extremely challenging for businesses and organizations – but one factor that is in danger of being overlooked is the effect it has had on cybercrime. A recent report from Interpol revealed an alarming rise in cybercrime coinciding with the COVID-19 pandemic. This shows that it has become more important than ever for businesses to take cybercrime seriously.
Keeping up to date with the latest threats is a really vital aspect of good cybersecurity. To do this, businesses need to make use of threat intelligence. Here we take a look at what open source threat intelligence is, and how it can be used by your organisation.
What is threat intelligence?
Threat intelligence represents the existing knowledge and understanding of cybersecurity threats and threat actors. It can be used to help businesses mitigate harmful actions and attacks by cybercriminals. Threat intelligence can come from a number of different places including human intelligence, technical intelligence and social media intelligence, with lots of examples of these being from open sources.
What makes open source intelligence so vital is that it is freely available. Open-source intelligence is not managed by anyone for profit – it can be added to and amended by anyone as new information becomes available.
Why is threat intelligence important?
Threat intelligence plays a huge role in the ability of businesses to prepare for potential cyberattacks and data breaches. It should be noted that without an understanding of the tactics, techniques, and processes (TTPs) used by cybercriminals, it is impossible to quantify the risk that they pose. Threat intelligence allows companies to build a risk profile and plan for the defences needed.
It can help businesses to understand and react to issues around vulnerabilities and access controls. Part of what makes this so important is that cybercriminals and adversaries are constantly changing their methods.
It is also important to mention that businesses need to act on threat intelligence. It can guide the best moves to make and where to invest – ignoring threat intelligence can cost your business a lot of money.
What are the sources of open source threat intelligence?
There are actually many important open source threat intelligence sources. The Malware Intelligence Sharing Platform (MISP), which is an EU-funded open source project, is free to download. This allows organisations to share intelligence on threats seamlessly. Another important open-source resource is AlienVault Open Threat Exchange (OTX), which is a community-driven project that encourages threat data sharing. It provides a huge amount of data that can help businesses.
There are other sources of threat intelligence that should be considered too. Twitter is actually a hugely valuable source of information from cybersecurity professionals, with the likes of Kevin Beaumont and James WT. Human intelligence is also important – it is gathered from talking to colleagues, going to conferences, and learning from other people. Information is also available on the dark web – although doing so is certainly something that requires real expertise.
One of the most difficult parts of using threat intelligence is finding a way to make sense of all these data sources that are coming into an organisation and turning it into actionable data.
If you have the time and expertise, one of the next steps of using open source threat intelligence is to undertake threat hunting. This is a proactive approach to cybersecurity that involves actively looking for previously unknown cyber threats that could potentially be lurking in your environment undetected.
How to apply threat intelligence to improve your organisation’s security?
Of course, the real challenge with threat intelligence is understanding how to leverage it in order to improve the cybersecurity of your organisation. Many businesses simply do not have the expertise or resources to manage this service in house.
In many cases, it can actually be hugely beneficial to work with a managed security services provider. These providers have teams of cybersecurity professionals who not only keep up to date with the latest data but understand how to make use of it to protect organisations.
Open source threat intelligence can help businesses to understand their risk profile, but it can also give them the opportunity to adapt to changes in adversarial activity. As a business, it is important to look at the intelligence that is available, and use that data to your advantage. It can be used to hunt for threats and to put stronger defences in place.
Disclaimer: The opinions expressed by contributors are their own and do not necessarily reflect the opinions of the editors.