Threat Intelligence

New threats, vulnerabilities, and threat actors are emerging every day, so organizations must scale up their threat awareness. Further, threat awareness must include up-to-date knowledge of both external and internal threats. And for this, threat intelligence is vital. Actionable threat intelligence provides contextual, real-time threat information that empowers organizations to prevent, identify, prioritize, and mitigate cyber-attacks.

To maintain high threat awareness in the modern-day threat landscape, enterprises must:
• Identify and track all internal threats, including suspicious behaviors;
• Identify, track, and stay current on external threats;
• Participate in information sharing communities to stay updated on new and emerging threats.

Mission Awareness

Cyber situational awareness is incomplete without mission awareness, which we can broadly define as an awareness of the organization’s mission or business, and how threats and countermeasures fit into the perspective or context of this mission. To start with, this requires developing a comprehensive view of the critical mission dependencies to operate in cyberspace successfully.

By understanding these dependencies, the organization can:
• Respond appropriately to a security event or crisis;
• Triage, or prioritize, security incidents as per their impact on the organization’s mission or business;
• Anticipate threats and risks by conducting risk and readiness assessments;
• Implement informed defense planning to mitigate future events;
• Conduct post-event forensic analysis to identify and address gaps in the security posture, and to minimize the chance of repeat events in future.

How Can I Improve My Cyber Situational Awareness?

Ongoing and robust cyber protection requires cyber situational awareness at every level of the enterprise. A tactical and on-the-ground
understanding of threats is critical for day-to-day security. It’s also crucial to develop strategic and operational cyber situational awareness. Senior leadership should understand the potential impact of a security event on the organization’s ability to execute its operations. To achieve this level of situational awareness, lower-level details must be summarized and correlated to the business context.

It’s also important to look for information about:
• Indicators of compromise (IoC);
• Threat actors;
• Tactics, techniques, and procedures (TTPs);
• Threat trends.

The right tools can help improve visibility into the threat landscape and improve situational awareness by tracking:
• Enterprise devices (endpoints), processes, applications, and users (both authorized and unauthorized users);
• How authorized assets serve the organization, and how critical they are;
• Known vulnerabilities on these assets.

In addition to leveraging tools for:
• Threat detection and management;
• Network management;
• Incident reporting;
• Threat intelligence sharing;
• Risk monitoring.

Enterprises must also integrate information and contextualize it to create a clear picture of what is versus what should be. For this, a robust system for situational awareness can be beneficial.

Finally, organizations should ensure that information sharing happens regularly and at every level. Creating awareness about threats and vulnerabilities should flow from security and IT operations teams to employees to provide ground-level situational awareness. At the same time, empower employees to share information with security stakeholders via incident reporting for strong threat mitigation.

Cybersecurity awareness yields dividends when you can prevent chaos, rather than react to it.

Source: https://reciprocity.com/resources/what-is-cyber-situational-awareness/ retrieved 3/8/2024