Global threat intelligence services can be a powerful business security tool. But it's not the first one you should...
consider when setting strategy for better business security.
In my seven years working as a penetration tester and security consultant, I have seen thousands of different system configurations and myriad different security concerns, from some of the largest companies in the world, right down to tiny SMEs. One major problem companies around the globe have in common is that they focus their efforts in the wrong areas, not realizing the threats they face come from very simple security problems. This is a global problem: All but the most security-focused of organizations are guilty of ignoring the simple issues. I've lost count of the number of times large companies have asked me to review the security of hardened systems they've developed for a specific project, when all their staff are still using Windows XP and Internet Explorer 6.
Where global dangers lurk
If I were asked to list the main security concern that all companies should have, it would be phishing attacks. I've run many phishing simulations, mostly to trick users into divulging their Windows username and password, and have never had less than 50% of the recipients give up their credentials. Phishing is the No. 1 global threat. It's easy to focus on the next big advanced persistent threat, RAT or zero day, and forget that nearly all breaches that use these tools start with a phishing attack. By focusing on staff awareness, these attacks can be stopped before they even enter the network.
The human firewall really is the most important security asset a company can have. Investing huge sums of money in security systems such as SIEM, next-generation firewalls and endpoint protection can help greatly, but none are as effective as staff training. Take the recent U.S. Office of Personnel Management hack: A $4.5 billion security system failed to protect against the attack. Nearly all the breaches in the last few years started with phishing attacks.
Passwords are basic, but key
It's time to focus on the basics, on passwords. How many people truly understand how to choose a secure password, and how many website owners know how to safely store them? There are new authentication mechanisms in development, but for now, we're stuck with username and password. In my experience, 99% of people think that A%af5!£ is a stronger password than I love my new chair. They're very much mistaken. It's not their fault; they've just never been shown how a hacker breaks passwords.
Password strength is far closer linked to length than complexity, and beyond a certain level, passwords become uncrackable, as long as the way they stored (e.g., salted and hashed) is secure. Weak and default passwords are often where a breach starts. This fact was highlighted beautifully by the weak VPN passwords that hackers guessed in the AshleyMadison hack.
Where global threat intelligence fits
Beyond passwords, how can you best increase your enterprise's level of security? First, analyze the threats your organization faces, and work out how sophisticated your attackers' methods may be. Global threat intelligence services can be useful here, but only if the security maturity of your organization is at a high level. Subscribing to threat intelligence services without the security infrastructure or staff understanding of what the data means is pointless, as you'll be paying for data you have no idea how to interpret or put to use.
If you do decide to invest in global threat intelligence, you need highly trained staff from a technical background who understand the real-world impact of these threats. A major problem with security teams in large organizations, in my experience, is that they lack the understanding of the actual methods hackers use to break into systems, and get bogged down in internal company policies and politics. This understanding is very important to successfully interpreting threat intelligence. However, with skilled staff in place, a threat intelligence security system can be a powerful tool for preparing for the most likely current threats.
But never forget about the basics. Keep your systems patched, your passwords long and your staff highly trained, and you will thwart most attacks before they've penetrated your network.
Find more information about intelligence services in this Buyers Guide