Threat intelligence is the compilation and analysis of information that helps financial institutions track and predict cyber threats. While cyber threat intelligence should be a key element of every institution’s cybersecurity program, we’ve found many financial institutions take more of a passive approach to it by relying strictly on the media and third-party service providers for insight on the latest cyber threats and vulnerabilities. A lack of resources and general knowledge about it has also been a major contributor to the slow implementation of threat intelligence programs.
Here are 3 steps you can follow to improve your threat intelligence program and better protect your institution from security breaches:
Participate in Information Sharing Forums
The first step in developing a robust threat intelligence program is to subscribe to threat intelligence resources. Information-sharing forums, such as the Financial Services Information Sharing and Analysis Center (“FS-ISAC”), can provide financial institutions with detailed threat intelligence data on the current cyber threats impacting the industry. These forums will generally provide information on the type of threats that are prevalent, the source of the threats (i.e. IP address or country of origin), as well as specific details on the exploits that have been attempted.
Analyze and Communicate Threat Intelligence
The next step is to define and implement an effective internal communication strategy for actionable items. Once an actionable threat is identified, the threat should be communicated to relevant internal personnel who will understand the severity of the threat, have the resources to analyze the threat, and develop the response strategy. Some response strategies include changing system configurations, educating internal personnel, modifying a business process, or updating policies and procedures.
After the threat intelligence analyst has examined the risk and a mitigation strategy is defined, the plan should then be communicated to your Board and senior management to make sure they are in agreement that the threat has been reduced to a tolerable risk level. Additionally, communicating threat information to this group will not only educate them on the changing cybersecurity landscape, but it will also hopefully make them more apt to allocate any additional resources and threat intelligence tools needed to reduce potential risks.
Threat Intelligence Sharing with External Parties
Last but not least, financial institutions must be more proactive in sharing their information with external parties such as their peer financial institutions, third-party service providers, and law enforcement. Creating a threat intelligence network and sharing threat information is critical in helping external parties respond effectively to any identified threats before they manifest. Sharing information also helps institutions meet regulatory expectations.
When developing an external communication strategy, your institution needs to determine who is responsible for communicating with external parties, which types of threats can be communicated, and what level of detail can be provided in communications. To encourage threat intelligence sharing with your peer institutions and third-party service providers, consider establishing information sharing agreements. Such an agreement provides assurance that all parties will take adequate security and privacy measures to protect shared information. Another method to encourage external information sharing is to incorporate threat intelligence into your vendor management program. During contract structuring, include language that facilitates the sharing of threat information between the parties.
Once all of these items are in place, it is critical that your institution fully documents its threat intelligence program and regularly monitors it to see that it is working effectively.