Building a Business Case for Cyber Threat Intelligence

5 Reasons Your Organization Needs a Risk-Based Approach to Cybersecurity


5 Reasons for a Risk-Based Approach to Cybersecurity

The Bad Guys are Winning

Target, Home Depot, Sony, Anthem, the U.S. Office of Personnel Management – even the biggest organizations cannot keep themselves out of the headlines. Many of these organizations had staff and myriad cybersecurity tools in place (anti-virus, firewalls, intrusion detection systems, etc.), yet they were still breached. Clearly, the current approach is not working. Businesses cannot keep building higher walls and deploying the same technologies without the INTEL to focus on what matters most. You need cyber threat intelligence to:

1. Know the specific cyber threats targeting your business
2. Limit the impact of your data for sale on the Dark Web
3. Bring cybersecurity into the broader risk discussion
4. Be able to show due diligence in a court of law
5. Redirect your cyber tactics for the most effective defense

45% of businesses have experienced a data breach within the past two years. (The Ponemon Institute)


1. Security Breaches Keep Happening

Even with Security Tools

Cybersecurity reports have consistently painted a bleak picture for organizations. There have been 80-90 million cybersecurity events per year, or up to 250,000 attacks per day in recent years, according to The RIC Report. The expanding supply chain of vendors, partners, and technology is an increasingly exploited backdoor into organizations. It takes more than 200 days for businesses to even know they’ve been breached. It’s no wonder that time and time again we see long-term breaches that aren’t even discovered by the compromised organization, but rather by an outside party such as law enforcement. With so many attack vectors, not to mention the ease with which cybercriminals can circumvent cybersecurity tools through social engineering, deciding where to deploy your “troops” can be difficult. With an intelligence-driven defense, you know what threats are coming and you can redirect your resources to focus on what matters most.

Threat Intel Helps You:

• Gain a complete picture of your cyber risk
• Focus on the most relevant cyber threats
• Act on threats before they impact your organization

70% of attacks are thought to go undetected. (The RIC Report, Bank of America/Merrill Lynch, Oct 2015)


2. Shining a Light on the Dark Web

Find Your Dirty Laundry

Those unfamiliar with the Dark Web tend to imagine it as something akin to the Wild West. However, markets on the Dark Web tend to work more like illicit versions of consumer-friendly services such as eBay or Amazon. Cybercriminals actively sell and trade a wide variety of illegal goods and services, complete with user reviews, refund policies and other forms of customer service. Users can easily purchase stolen credit cards, user accounts, credentials, reward points, intellectual property and cybercrime-as-a-service offerings, such as exploit kits, malware and phishing pages. It’s sensitive, valuable information – and the organizations it belongs to are often completely in the dark. Knowing what is being sold is a crucial step in both understanding what types of information criminals are after and mitigating the threat before it gets worse.

Threat Intel Helps You:

• Understand what cybercriminals are after
• Discover active threats against your organization
• Understand your fraud footprint


3. Cybersecurity isn’t a Technical Problem

It’s a Business Problem

A data breach can cost millions, but its effects are even more widespread: CEOs lose their jobs, profits drop, customers leave, brands are damaged. Then there are the costs of incident response, customer notifications, class-action lawsuits, regulatory fines, and audits. Cybersecurity is a risk that must be managed at the board level, but business leaders are struggling, finding it hard to align security strategies with real-world business strategies (EY, Cyber Program Management, Oct 2014). There remains a gap between the language of cybersecurity and the language of business operations. A successful cyber risk management program helps close that gap by directly tying relevant cyber threats to business impact. This is crucial as cyber-attacks are the number one source of IP theft and economic attacks against governments (BoA/Merrill Lynch). In fact, loss of Intellectual Property has grown 71% over the past 3 years according to Check Point.

Threat Intel Helps You:

• Tie specific threats to the impact on your business
• Connect the server room to the board room
• Share cyber intel across the organization and supply chain

85% of execs have major cybersecurity concerns around M&A Activity. (Global Capital Confidence Barometer Survey)


4. You’re Liable for Poor Security

Changing Rules for Legal Liability

Legal liability with regard to cybersecurity continues to evolve. In July 2015, the Seventh Circuit Court of Appeals in Remijas v. Neiman Marcus Group found that just the theft of customer financial information was enough to satisfy standing, potentially opening the door for more breach litigation or a Supreme Court ruling on the issue. In August 2015, the Third Circuit Court of Appeals in FTC v. Wyndham Hotels & Resorts confirmed that the Federal Trade Commission does have the authority to take action against companies over weak data protection standards. In addition to the FTC, organizations can see legal action from various agencies such as the Securities and Exchange Commission, the Department of Health and Human Services, and others. Organizations also have to deal with many state and federal laws regarding consumer privacy – as well as evolving definitions of what are “best practices” and “reasonable” efforts.

Threat Intel Helps You:

• Understand the most critical areas of cyber risk
• Identify and address gaps in your security program
• Show due diligence in the court of law


5. Focusing on What Matters Most

A Risk-Based Approach

Rather than try to stay on top of every cyber threat – which may or may not even be targeting your business – a risk-based approach focuses on only the threats that are relevant to your organization, your supply chain and your customers. This ensures that your cybersecurity resources can be maximized to get the most bang for your buck by addressing your top areas of cyber risk. Without threat intelligence, organizations may be blind to supply chain risks and Dark Web threats, and their efforts may be unfocused. As the UK Government Communications Headquarters Top 10 Security Steps emphasizes, organizations need to apply the same degree of rigor to assessing cyber risk as they do to other areas such as legal, regulatory, financial or operational risk. After all, cybersecurity is not just a technical issue, but one that impacts all aspects of a business. Using threat intelligence can help you gain a clearer picture of your organization’s overall cyber risk.

Threat Intel Helps You:

• Prioritize your cyber defenses
• Reduce any cybersecurity blind spots
• Account for all aspects of business risk


Bridging the Cyber Threat Intelligence Gap

From Tactical to Strategic

Something is missing from the current state of cybersecurity. Security is often stuck at the network level and risks aren’t elevated to understand the impact on the business. Threat intelligence can help bridge this gap between low-level tactics and strategic insights, so you can protect your business and your customers’ information to help your organization:

1. Know the specific cyber threats targeting your business
2. Limit the impact of your data for sale on the Dark Web
3. Bring cybersecurity into the broader risk discussion
4. Be able to show due diligence in a court of law
5. Redirect your cyber tactics for the most effective defense

When it comes to data breaches, it’s no longer a matter of “if,” it’s only a question of “when.” Be prepared and reduce your risk with cyber threat intelligence.

Download the “How to Choose a Threat Intelligence Vendor” eBook
Learn more about choosing the right vendor to implement threat intelligence with our complimentary eBook.

Schedule a Demo of SurfWatch Cyber Advisor
SurfWatch Cyber Advisor provides you with an immediate threat intelligence operation that ensures the best defense.


45610 WOODLAND ROAD, SUITE 350, STERLING, VA 20166

ABOUT SURFWATCH LABS

SurfWatch Labs helps organizations and service providers quickly establish a strategic cyber threat intelligence operation that drives more effective use of their tactical defenses. Founded in 2013 by former US Government intelligence analysts, SurfWatch Labs solutions provide a 360-degree view of cyber threats in the context of your business, along with practical and personalized support to create immediate insights and meaningful action.