Corporate Threat Intelligence: Expect the Unexpected

News Updates

If an adversary or threat can exploit a vulnerability to harm an asset, then you have risk.

With the increase in advanced, multidimensional threats, some organizations are considering the services of a corporate threat intelligence program, or developing an in-house program—dedicating staff and other resources to deep inspection and analysis of data to avoid the sorts of attacks, crises and events that can cost a company millions, endanger personnel and damage its reputation.

“Corporate threat intelligence is the proactive, holistic and constant collection, analysis and dissemination of information that predicts and monitors the specific threats and risks facing a corporation,” explained Dov Gardin, director of Crisis Management and Threat Intelligence for N.Y.-based business continuity management group Lootok.

“Threat intelligence helps leaders identify challenges before they negatively impact operations, reducing the risk of getting caught off guard, and allowing the organization to take the steps necessary to prepare in advance for adverse events,” Gardin told SHRM Online.

A threat intelligence program is scalable to the size of your business, said Gardin. Developing an operation need not be complex or expensive, and could be as simple as IT staff being trained to pay closer attention to data. In other cases, threat intelligence might mean having a team of people performing deep content inspection and forensics on a full-time basis. Where you fall in that range depends on your overall risk profile, he said.

Threat Intelligence Should Be Proactive

Gardin advised companies to do their homework and gauge what threats may be specifically targeting their networks, data, people and operations.

A good start is for companies to make a short list of the threats that their businesses face. That list could include everything from cyberattacks, natural disasters and inside threats to violent uprisings at foreign locations where multinational employees could be in danger.

“By enabling corporations to understand both their internal and external threat environment before a crisis occurs, a threat intelligence program can help companies to properly prepare for or prevent a crisis before it happens,” said Gardin. Such a program can alert decision-makers to potential political or civil disruptions in unstable countries that could jeopardize the safety of employees and operations; it can help leaders understand and mitigate the risks of placing physical infrastructure in locations prone to natural disasters; or it can provide information about the most stable and secure supply chain routes, he said.

For most companies, sifting through data to identify attack patterns can give them a good idea of the types of that they need to worry about. The only problem: Wading through the actual data is time-consuming and difficult.

Good automation is key to separating the attacks from the noise, said Gardin. A robust threat intelligence program will also substantially improve situational awareness by presenting information about the entire operating environment and potential threats in a customized and easily understood format. This will allow decision-makers to immediately understand the pressing risks they face and how those risks could affect operations.

Threat Intelligence Should Consider All Threats

A robust threat intelligence program needs to take into account all threats—including geopolitical risk, environmental trends and threats, civil unrest, industrial crime, terrorism, war, social activism, cyber threats and corruption—all within the context of its business operations and strategy, Gardin said. It should also monitor for internal threats such as poor or nonexistent resiliency plans, abnormal patterns in incident reporting, worker conditions in foreign plants, the supply chain infrastructure, and the operations of business partners.

“This means that a threat intelligence program not only monitors tornado activity for a distribution center in Kansas, but it also takes into account the ongoing shipping strike impacting the flow of goods into and out of the distribution center, and the geopolitical activity taking place in the region where the goods are sourced,” said Gardin.

But it doesn’t end there. Threat intelligence should also take a macro view by identifying threats to all distribution centers in the company’s entire network, he said.

Threat Intelligence Never Sleeps

One of the important aspects of a threat intelligence program is that it operates in real time, monitoring events around the world 24 hours a day, 7 days a week, Gardin said.

A strong threat intelligence program empowers leaders to understand the company’s footprint on a day-to-day basis and to increase organizational situational awareness, as the world changes.

“This is critical because neither the company nor its threat environment is static. As a company evolves, so do its risks and the threats it faces. New threats appear while old ones change or disappear,” Gardin said.

Roy Maurer is an online editor/manager for SHRM.  To read the original article, please click here.