The Evolution of Intelligence in 2017

2017 in Review: The Year of Business Risk Intelligence

As security professionals, we’ve faced no shortage of challenges since the start of 2017 -- from the abundance of large-scale data breaches, ransomware attacks, and business email compromise schemes, to risks posed by Internet of Things (IoT) devices, supply chain vulnerabilities, and insider threats. These challenges have ultimately helped create numerous noteworthy shifts not just in how we approach security, but also in how we obtain, apply, and further integrate intelligence.

Here are the top three trends that defined the evolution of intelligence in 2017:

Increased engagement in intelligence sharing

Most of us can agree that when executed correctly, intelligence sharing can be highly beneficial -- yet historically, the extent to which many organizations have shared intelligence has been limited or non-existent. While rightful concerns over trust and privacy will likely always hinder participation, intelligence sharing has gained substantial traction as a “best practice” in 2017. The emergence of various new intelligence sharing groups has contributed to this trend, as has the substantial number of threats and resulting incidents for which external collaboration was integral to mitigation and forensics efforts.

The collaborative takedown of the WireX botnet this past August is a great example. Following the news that researchers from Akamai, Cloudflare, Flashpoint, RiskIQ, and others teamed up to neutralize a massive DDoS botnet, they were widely recognized not just for tackling WireX, but also because their joint effort epitomized the immense benefits to be gleaned from effective, trusted collaboration and intelligence sharing. 

Balancing automation with human-powered analysis

The introduction of automation has led to sweeping changes throughout the industry over the last few years. Among these changes is the emergence of the term “automated intelligence.” Typically comprising data collected by automated tools from various online sources, automated intelligence isn’t really intelligence at all -- a fact that has become even more clear in 2017. 

While traditional uses for certain types of intelligence have long consisted of technical indicators of compromise (IoCs) -- most of which are gleaned from automation -- more organizations are recognizing that IoCs and other automated data are rarely actionable until contextualized and further enhanced by humans.

And today, as security teams and others across sectors continue to seek proactive visibility into the Deep & Dark Web communities where adversaries congregate and develop their schemes, the demand for intelligence backed by human-powered analysis is growing. Although automation remains integral to data collection efforts, mitigating the threats and challenges organizations are now facing requires finished intelligence -- not just data. And in order for this data to produce true and actionable intelligence, it must first be processed and reviewed for slang, lingo, code words, sarcasm, credibility, and other social and contextual nuances -- all of which require human judgment to assess. As a result, attaining the proper balance between automation and human-powered analysis has become a must-have.

The widespread adoption of Business Risk Intelligence

As I mentioned, traditional approaches to intelligence have long been rooted in IoCs that are, by nature, largely tactical. While IoCs can help cybersecurity teams detect the existence of certain threats, they can’t do much else. After all, even though countless threats appear to exist, they’re not all relevant or even legitimate. The widespread adoption of Business Risk Intelligence throughout 2017 reinforces the fact that more organizations are seeking insight into more than just individual threats -- they’re striving for strategic, comprehensive visibility into their overall risk.

Indeed, 2017 has been the year of Business Risk Intelligence (BRI). In addition to supporting their cybersecurity teams, more organizations are leveraging BRI to benefit all business functions across the enterprise -- something that has become a true necessity given the number of threats and subsequent business risks that have had far-reaching impacts so far this year. As more organizations implement effective BRI programs, they’re recognizing that just because a threat has originated on the Internet, it does not mean such a threat’s scope of influence will remain restricted to all things cyber.

I’ve written previously about BRI’s widespread versatility, and I’ll gladly reiterate: BRI enables organizations to not only bolster cybersecurity but also assess M&A opportunities, enhance executive protection, and strengthen physical security, among BRI’s many other uses. As such, it should come as no surprise that organizations seeking to address widespread risk amid the current threat landscape are turning to BRI.

It’s crucial to recognize that 2018 will very likely be yet another year of increasingly complex and damaging threats and incidents, which is why we must always build upon and further enhance our intelligence strategies. While the evolution of intelligence in 2017 has yielded numerous promising advancements and increased integration and participation across the enterprise, we as security professionals know that there is always work to be done. Above all else, we need to continually seek and implement intelligence that is capable of giving us a decision advantage in mitigating the broad spectrum of cyber and physical risks we face.

Original author: Josh Lefkowitz