There’s no doubt that threat intelligence is a hot topic today. The debate goes on about how best to collect and analyse information to identify existing and emergent threats. Attacker techniques and capabilities are scrutinised to draw up plans for defence. Software applications allow organisations to draw up ‘attack trees’ to methodically describe the security of their systems. These methodical approaches have merit because they encourage organisations to think through different scenarios and reinforce their business continuity management appropriately. However, threat intelligence also needs to go further. It needs thinking that is ‘outside the box’ (or outside the system).
Part of the challenge in effective threat intelligence is its narrow definition. The term ‘threat intelligence’ in business commonly refers to attacks on information assets (data, systems, IT and networking infrastructure). ‘Business threat intelligence’ and ‘strategic threat intelligence’ also refer back to the IT-oriented view of the world. With IT now such an important part of professional life, it is natural that it should be a focus of threat intelligence. But limiting the discussion to IT-based techniques designed to uncover IT-centric threats would be dangerous for at least two reasons.
Firstly, attacks on information assets are not always IT-based or even technology-based. Social engineering and simple theft of mobile computing devices have proved that point. Threat intelligence therefore needs to cover a wider span of possibilities (including, for instance, someone trying to set fire to your data centre). Secondly, threats to an enterprise or an organisation in general go beyond incidents in IT servers. The SWOT (strengths, weaknesses, opportunities, threats) acronym, for instance, is used in business planning. It takes into account financial, market, regulatory and competitive threats, among others. All of these are important for business continuity too. So while you gather your (IT) threat intelligence, remember to look at threats beyond IT to keep your business continuity effective for the rest of the organisation as well.