By: Steve Bomberger, Head of SEI Sphere
In an increasingly networked world, where financial services companies and their customers are constantly connected, threat intelligence is essential to protecting firms from pervasive cybersecurity risk. Threat intelligence is business-critical insight into the most common vulnerabilities and attack vectors influencing industrywide cyber posture. It is available to security management providers who can both see across their like-sized, similarly structured clients and can engage with industry peers to share anonymized data.
In many cases, bad actors deploy similar attacks concurrently against similar organizations, and with up-to-the-minute threat intelligence data, cybersecurity providers can often preempt attacks by patching vulnerabilities that are being exploited across the industry.
As small- to midsize firms continue to try and tackle cybersecurity with their existing IT teams and technologies, they are critically blind to the available intelligence on impending or existing attacks. It’s crucial that all such firms understand how threat intelligence is gathered, why it matters, how it influences a company’s cyber posture, and why operational scale and data aggregation are key to anticipating and defending against cyberattacks.
Threat Information vs. Threat Intelligence
Many firms think they may have a line of sight into impending threats, but it’s important to outline the critical difference between threat information and threat intelligence. Threat information is simply data about industry threats. Without deep analysis into its context, cause, import, consistency etc., threat information isn’t actionable or impactful.
Threat intelligence, however, is expertly aggregated threat data that help firms prioritize the right components of their cyber defense. Effective threat intelligence should analyze:
- ● The context of the threat
- ● The applicability of the threat to the organization
- ● The tools available to strengthen cyber defense against those threats
- ● How effective those tools are against said threats
Financial services firms often lack access to broad, industrywide threat data, and even when they have it, they rarely have the internal expertise and scale to evaluate it properly. But without threat intelligence, they’re missing key insight into where potential attacks may begin—and how they can stop them before they do.
Threat intelligence, particularly the ability to identify and analyze potential cybersecurity threats across like-structured companies, plays an essential role in a broader “Defense in Depth” cybersecurity strategy.
Defense in Depth involves structuring cybersecurity in order to slow or stop any potential attack with multiple mechanisms across different attack vectors. It helps to ensure that even if an attack bypasses some of a company’s protections, a series of layered resiliencies help identify hackers as they try to penetrate security, slow their attacks and alert the appropriate teams immediately.
It’s therefore essential to leverage threat intelligence to strategically protect all relevant endpoints by continuing to reinforce each of the protection layers. With insight into how a new attack may begin, cybersecurity providers can adjust a firm’s posture accordingly and ensure that they’re even better protected.
Among the most pervasive cybersecurity myths is that bad actors discriminate on account of size or reputability. This myth often leads small and medium sized financial services firms to dramatically underestimate the gravity of the threat they face, in turn potentially leading to poor cybersecurity staffing, inadequate technology, and insufficient cybersecurity governance.
With deeply sophisticated bad actors operating at scale, financial services organizations are encountering dangerous cybersecurity risks every day. And many of these risks are amplified by COVID-driven remote and hybrid work, expanding an already-wide technological surface area.
Facing such a pronounced threat, it’s crucial that firms employ critical best practices to protect themselves, their data, their clients, and their reputation. A Defense in Depth approach helps to mitigate the risk that a single, unpatched vulnerability could cause cataclysmic damage, while threat intelligence provides insight into the areas of the business at greatest risk of a potential attack.
At this point, a cyberattack is no longer a question of “if” but “when.” Without threat intelligence, the more potent question may be “how bad?”
Steve Bomberger is the Head of SEI Sphere, providing clients end-to-end cybersecurity and IT solutions designed to address the operational technology and security challenges facing financial institutions.