Whether we realize it or not, our digital lives and what we see on the internet are controlled and determined by algorithms and analytics. Through them, businesses learn what our preferences are and what we're drawn to in order to target us with information. The idea is to present us with information that is most relevant to us. In the same way, cybersecurity professionals are constantly faced with an enormous amount of threat data to sift through and prioritize on a daily basis. In fact, "too much data to analyze" is the number one obstacle inhibiting companies from defending against cyber threats according to the 2019 Cyberthreat Defense Report by CyberEdge.
For the past couple of years it seems like threat intelligence is everywhere. Every vendor offers a threat intelligence solution, every organization seems to be using it to some degree. At security conferences it feels like you just can't escape the topic. Is it really as valuable as everyone seems to think it is?
But these positive results are dependent of several things. Some may think that, for example, cybersecurity is directly proportionate to the amount of threat intelligence they collect. In reality, though, threat intelligence information can only serve their organization to the extent that they are able to digest the information and rapidly operationalize and deploy countermeasures. "You may collect information on an ongoing or future threat to your organization to include who the threat actor is, what are they going after, what is the tactic they will utilize to get in your network, how are they going to move laterally, how are they going to exfil information and when will the activity take place. You can collect all the relevant threat information but without the infrastructure in place to analyze the large amount of data coming in, the organization will not succeed in successfully orienting themselves and acting upon the threat information," Santiago Holley, Global Threat Intelligence Lead at Thermo Fisher Scientific, told Help Net Security.
Recently unsealed court documents link 18-year-old Michael Kadar to a posting on the now-shuttered illicit marketplace AlphaBay advertising a "School Email Bomb Threat Service." The poster offered to send customized threats to schools for $30, plus a surcharge if the buyer sought to have someone framed. The price would increase if the buyer wanted to target more than one school or an entire district, according to the post, whose author offered refunds if a threat produced no evidence of success.