Social engineering techniques date back to classical mythology. Social engineering can take many different forms, yet the basic concept hasn’t evolved since the Ancient Greeks deployed the Trojan horse. And as cyber security professionals, Trojan is a term we reference nearly every day. So why, in 2016, do we still struggle to spot a scam? The simple fact is, some tricks look like treats, and treats are our Achilles’ heel. In the spirit of Hallowe’en, we’re exploring the value of cyber threat intelligence in an increasingly connected world.
Industry debate tends to focus on educating people about their security responsibilities. Executing campaigns about staying safe online in the hope that our colleagues will bring these behaviors to work is optimistic. We all share the same priority; to get things done, and quickly – not necessarily securely. We’re quite happy for Apple to take care of the masses of personal data we carry in our pockets (if your pocket is big enough for the 7), and the more the better. We’ll install the latest update when we’re fed up of dismissing the notification.
The demands on businesses to deliver the latest technology in the most secure way possible is greater than ever, especially as we find ourselves surrounded by IoT – another concept driven by efficiency and convenience over privacy and security. Internal network protection is no longer enough, and does little to hinder the social engineers. Combining external threat intelligence with existing internal security solutions gives us a more complete suit of armor in the battle against cybercrime.
External threat intelligence enables organizations to achieve three key things:
- Enhanced visibility of threats in context improves incidence response performance.
- Rich external data empowers the Security Operations team to make more informed decisions.
- Reduce the time and cost involved in manual data analysis and threat mitigation.
Strengthening your security infrastructure and keeping up with today’s ever-evolving threat landscape require multiple sources of threat intelligence and involve each facet of an organization’s brand assets. From maintaining your reputation to preventing fraud, external threat intelligence helps speed up the process of identifying the ‘tricks’ and unveiling their disguise before they infiltrate a corporate network.
But it doesn’t hurt to remind users to be cautious; if something looks too good to be true, it probably is. The one thing we do know is spam leaves a nasty taste in your mouth, whether it’s in a tin or an email. Now, where’s my Pumpkin Spiced Latte?