Conclusion
The future of cyber threat intelligence
Despite CTI not being fully proliferated within the marketplace, organizations will need to continue to adapt to change in the cyber threat landscape to better understand how threat intelligence can reduce their overall business risk. CTI discussions surrounding business risk rather than just security risk will become more and more common. Understanding cyber threat risks to the business's finances, reputation, information and operations will continue to broaden the discussion beyond a security or technology audience.
Short-sighted and pressured organizations will continue to buy threat intelligence feeds and technologies, without aligning such investments to a long-term vision for governance, integrated processes and unique business requirements. However, more and more companies will begin focusing on building a robust threat intelligence capability and/or using tailored intelligence to answer their specific business questions; this will lead to greater investments in the process design surrounding CTI and industry/organization tailoring of threat intelligence.
Leading organizations will focus more heavily on customizing available CTI on their own, and become more willing to share threat intelligence with others in their ecosystem in order to make the threat intelligence actionable; this will lead to a greater distaste for proprietary protection of valuable intelligence context from intelligence vendors. In turn, CTI vendors will need to become more focused on providing details on how the adversary operates (dynamic indicators) than on sharing singular indicators of compromise (static indicators) that lack context.
The financial and government sectors will continue to lead the way in process-driven integration of CTI and information sharing.
Industries with increasing risk and unique challenges, such as oil and gas, retail, health care, food and agriculture, will increase investment in the area of CTI and, as these industries continue to evolve their threat intelligence capabilities, they will undoubtedly contribute to the further development of the best practices in cybersecurity.
CTI will help to enable organizations to leverage next generation security concepts such as threat modeling, Active Defense, and advanced countermeasure operations. The aim will be to develop repeatable processes that are effective for all organizations in transitioning from a reactive security posture to a proactive approach. Organizations will better appreciate the need for understanding their own environment at a much deeper level in order to achieve this. There will be increased investment in the detailed mapping of networked environments, the long-term storage and visualization of security operations data, the identification and valuation of high value assets, governance and process design surrounding currently siloed security capabilities, the war-gaming of cyber scenarios against such assets, and the testing of countermeasures.
Threats change over time, as do risks. EY believes that CTI processes can help organizations get ahead of those threats, mitigate the risks, and ultimately, ensure the success of the organization.
How do you find the criminals before they commit the cybercrime? — A close look at cyber threat intelligence