The Generous CISO: Giving the Gift of Threat Intelligence
My daughter got a guitar for Christmas, a gift from her music-loving dad. And I signed her up for guitar lessons right away. This isn’t me pushing on her something she doesn’t want by the way. She’s been asking for a guitar for awhile now and I believe anyone’s life is enhanced when you take the time to learn, practice and master an instrument.
When she opened the present, I told her she’d need to put in the time and the work. She was going to need to study and study hard.
Like many gifts, the guitar came with strings attached. Threat intelligence is also a gift. In the right hands, good intel will save money and reputations. Threat Intelligence should never be taken for granted in a security organization. A wise CISO knows that Cyber Threat Intelligence is an investment that will in time pay off, because the teams receiving that intelligence will be able to save (dwell) time and money with the information they’re being provided.
I've spent years in cybersecurity and have been lucky enough to work with a large number of advanced Cyber Threat Intelligence (CTI) teams. I’ve seen that in many cases, the CTI team is often the team that’s responsible for making sure their stakeholders follow-up on the recommendations in their reports, instead of the other way around.
Granted: sometimes this works out well and the provided Intelligence is timely and actionable. But in other cases, those teams either just start producing reports (that no one reads) for the sake of producing reports, or worse: are not taken seriously by their stakeholders because they are never relevant.
Instead, incentivizing Security Teams for actioning the intel provided to them, ensures they will proactively provide helpful feedback, after all: it is now in their best interest to receive actionable Intelligence Reports. Continuous feedback helps the CTI Team to stay relevant.
Sometimes the problem is even worse. I’ve seen situations where intelligence comes in and no-one is responsible for taking necessary action. This is one reason I founded Liberty91: our platform makes it easy to understand how emerging cyber threats are relevant to your organization, and allows security teams to be informed in real-time. Liberty91 lets the security team squeeze every last drop of value from intelligence, informing teams on what they need to know, and why, and what to do about it.
After all, with Great Intel Comes Great Responsibility. And that’s why we’re here.