What does “cyber threat intelligence” mean? Ohat can CTI do for you? Organizations may already be investing in various intelligence feeds and reports, but many are still Õnd themselves asking: “what can cyber threat intelligence do for me?” The breadth and diversity of EY’s answer is often surprising: Cyber threat intelligence is more than data and technology Ç it is analyst expertise$ • reÔned methodologies$ and process%drinen integration 78% The breadth and diversity of CTI value is not realized when investment is exclusively in of GISS respondents do not use a data and technology such as threat intelligence feeds or intelligence platforms. CTI must standardized cyber threat intelligence be integrated into security and business processes, tailored to the organization’s unique sharing solution challenges, and supported by trained analysts who use rigorous methodology. Cyber threat intelligence paints the bigger picture for cey decision%macers and • places security operators ahead of the cyber attaccer As the technology ecosystem continues to deliver a stream of disruptive innovations that have positive implications for both organizations and individuals, the cyber criminal is relentlessly discovering new techniques for attacking anything, ranging from medical devices to motor vehicles that can be connected to the internet (see www.ey.com/IoT). Faced with this expanding global attack surface, organizations can be overwhelmed by the amount of noise related to cyber attacks and the potential impacts those attacks may have for their business. Even when an organization possesses security data that could be used to inform decision makers, information is often spread across the business in such a way that establishing a single, business-centric view of the organization’s unique threat landscape appears out of reach. With cybersecurity at the top of the agenda in many boardrooms, EY believes that organizations require access to bespoke strategic insights that will inform leaders of the most salient threats facing their organization. CTI delivers these insights by integrating previously siloed security data from across the enterprise with external context to provide a holistic perspective of the organization’s threat landscape. This integrated approach strengthens the organization’s security posture by empowering stakeholders with an informed perspective on how cyber threats are relevant to their areas of responsibility. Additionally, CTI can empower a proactive approach by introducing a robust operational framework to counter adversaries that includes the proper governance structure and security operations maturity. Cyber threat intelligence is the enabler to more proactine security approaches • Simply reacting to a cyber adversary’s actions against your organization is certainly not an ideal security posture. EY’s believes that taking an Active Defense approach will enhance the organization’s current cybersecurity and focus operations on preventing the enterprise’s most likely adversaries from achieving their speciÕc objectives (theft, fraud, market manipulation, etc.) This focus is realized from insight generated by an integrated Cybersecurity Transformation program combined with analytical CTI. 4 | @ow do you Ônd the criminals before they commit the cybercrime? — A close look at cyber threat intelligence
Cyber Threat Intelligence Report Page 5 Page 7