Cybercriminals are increasingly launching high-profile attacks with greater complexity and magnitude. More sophisticated malware are being developed to circumvent security solutions and evade detection, and attacks are increasingly focusing on thwarting business operations. Hence, with each passing day, organizations need to concentrate more on staying a step ahead of the cybercriminal community that can be achieved through information and intelligence sharing.
In cyberspace, there is a stark difference between the terms information and intelligence. Both terms pertain to how data relating to past, current and emerging threats are incorporated and used. However, what most of the people consider intelligence turns out to be merely information.
In the simplest terms, information relates to raw, unverified and unevaluated data gathered from numerous source, while, intelligence refers to processed, evaluated and perspective-driven data that is gathered from trusted sources. Threat intelligence is evidence-based knowledge about an existing or emerging cyber risk. It includes knowledge about mechanism, indicators of compromise (IoCs), impact, implications and actionable advice about the risk, collected through extensive analysis--giving cybersecurity teams enough information about how hackers might attack an organization. When information, which is raw data, is collected and aggregated at a higher level--including collective experience of businesses, industries and governments--it creates a rich tapestry, allowing organizations to design proactive defence mechanism against anticipated threats and becomes intelligence.
Considering a security example, information is how many threat actors are targeting the US cyberspace. Intelligence is knowing about active threat actors along with their motivation, targets, attack methods and mitigation. Information is crucial for gathering threat intelligence. Using Artificial Intelligence, Machine Learning and Cyber Fusion based solutions information can be processed, analysed and co-related at strategic, tactical and operational levels to gather actionable threat intelligence that provides a clear-cut direction in which SecOps and incident response teams must look into for proactive containment of cyber risks. This way, major security incidents can be avoided from recurring. Hence, sharing intelligence is vital to ensure cybersecurity.
While information is a broader domain that encompasses intelligence, there is also a contextual difference that separates the two. Intelligence for the financial sector can be considered as mere information for the retail sector because of its lack of applicability. However, this might not hold true for all circumstances such as those involving common processes, technologies and assets under a similar type of attack.
In cybersecurity, both information and intelligence are valuable but incorporating automation, orchestration and integration is crucial to provide context and applicability and prevent analyst fatigue. Collaboration between industry peers can improve the quality of information and intelligence sharing -- as hackers generally tend to develop malware that affects organizations in multiple sectors. Sharing information and intelligence within organizations and outside organizations creates exposure to insights and resources. For instance, if your company doesn’t have the transactional lines of business to combat the complexity of the problem, collaborating with other companies can give more visibility into emerging technologies and prevention measures. Processes supported by critical information sharing allows organizations to better detect and stop emerging threats along the kill chain.
Not just security analysts, employees of a company can also form valuable assets for information and intelligence sharing. In the times when BEC (Business Email Compromise) scams and spear phishing attacks are becoming popular, employees must use special platforms to share information and intelligence on suspicious incidents that are targeting their team/organization. When conducted securely with effective collaboration, information and intelligence sharing helps organizations predict potential cyber attacks, assess damage and take proactive measures.