Blog Post

Cyber business intelligence – skepticism may save your company

by Danka Mihailovic
Skepticism maybe isn’t desired characteristic when talking to your friends, but when it comes to protecting your business and making it prosperous in today’s world, being skeptical may be your biggest competitive advantage. The first mistake made is to think that there’s nobody who will harm your business or that your company is safe and sound. Continuous tracking of possible threats and vulnerabilities means taking care of things the right way.
The goal of cybersecurity is to turn unknown threats into known ones. Potential threats exist in a broad variety of sources and may take many forms. Attackers aim for sensitive data about employees, customers, projects, clients, or other business-sensitive content
Threat trends
Recent Microsoft Security Report showed that overall malware attacks are on the decline (yet not to be underestimated), but that attackers continue to use phishing as a preferred attack method. According to this report, the share of inbound emails that were phishing messages increased by 250% during 2018. The evolution of phishing attacks and their adaptation to cybersecurity circumstances remains a problem for security professionals mainly because they involve human decisions and judgments.  
2019 Threat report published by CISCO identified other external threats to businesses nowadays. Email security is also seen as #1 problem with malicious spam and phishing being in top 3 threats.
However, improper file sharing and stolen credentials being in top 10 threats, show that insiders are also a great security risk. As they pointed out “Be aware that some criminals can log in, rather than break in”.
Foreseeing new attacks is becoming more and more difficult because of how unique each one is.
Security is not just an IT problem
With 2018. recognized as “the year of data breach tsunami” seems like it’s needed more than ever to discuss these issues and take cyber threats seriously. On the other hand, most organizations still discover a breach when damage is already done. Only 13% of publicly reported data breaches were discovered internally, according to Risk Based Security.  
Moreover,seven out of ten organizations fail the cyber readiness test.According to Hiscox Report, they fail to think of cybersecurity other than just as an IT problem. Often the cause is not under-investment in technology. Many companies approach cyber threats as primarily a technology problem and fail to adopt a formal strategy, sufficient resources and staff training.

The enemy within
Most of the cyber-attacks are intentionaland their goal is to achieve financial gain, disruption or strategic advantage (espionage). Other factors that are to blame are human errors caused by uninformed or careless employees and contractors or system glitches.  
Even those organizations which consider themselves security experts face the threat from within. Third parties often have direct access to networks, assets and sensitive data and it’s hard to monitor how third parties manage shared data. Last year a Walmart jewelry partner exposed the data of over 1.3 million shoppers. As it is necessary for third parties to have some access to the internal network, the company has to be able to limit and track that access.
The size doesn’t matter – small companies also at risk
While famous data breaches like the ones at Uber or Facebook cost them millions and get the news headlines, these companies managed to survive. For smaller business, even a small threat can prove fatal. Cyber attackers are indifferent about the size, industry or location of the business and small and medium sized companies are increasingly targeted.  
As large companies are spending more time and money to protect their businesses, attackers seem to turn their attention to those who underestimate potential threats or can’t afford such protection. Latest Verizon Data Breach Investigations Report showed that 43% of data breaches involved small business victims.
As no business is excluded from possible threats, the importance of cyber business intelligence is increasingly recognized by decision makers. Taking proactive security measures means preventing data breaches which will cost your company money and reputation.  
Ongoing intelligence cycle
Collecting threat data is only the beginning. Information relevant to the company’s security need to be analyzed, processed and interpreted to make sense of it. Integrating all forms of data is essential for providing actionable insights. That way organization can target current security vulnerabilities and threat attackers.
Taking these warnings into account, the company can get the resources and derive a comprehensive strategy needed to provide proper protection.    Intelligence is both a product and a process or, to put it right - ongoing and repeating process. Hostile attackers find new ways to endanger your business every day (or every second) and they don’t quit once they fail.
While big data technologies collect and store data efficiently and are of great help for detecting possible threats and leaks, the human element is still irreplaceable for providing context. Decision makers would like to know what the attacker's motivation or capabilities are. Because of data volume, different sources and types, making sense of collected data turned out to be one of the biggest challenges for cybersecurity professionals.    To produce relevant intelligence for the company’s owners and managers it is important to visualize obtained data. Providing a personalized look at its threat landscape will guarantee making well-informed decisions.
Winning or losing cyber wars
The more sophisticated and impenetrable protection becomes, the bigger the challenge and motive for the hackers to find a way to penetrate these defense walls. Predictions are that by 2021. cybercrime will cost the world $6 trillion annually, up from $3 trillion in 2015.  
On the other hand, a survey of security decision-makers in the US found that threat intelligence programs have saved companies an average of $8.8 million in the last twelve months.  
Hence, it seems that recognizing the importance of investment in threat intelligence is crucial for winning or losing cyber wars.

Want to team up with Abstract?

Reach out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.