The key to identifying emerging cyber threats before they develop into serious risks is to undertake intelligence monitoring.
Damian Gomez, managing security consultant at ASX-listed cyber security firm Tesserent, said threat intelligence was one of the most powerful tools organisations had at their disposal to understand and mitigate the risks of a cyber attack.
“Cyber risk management means understanding the environment you are operating in so that you can predict the likelihood of an incident occurring, and design and implement appropriate mitigation strategies to minimise the probability and disruption,” Mr Gomez said.
“That environment includes constantly adapting adversaries that have established collaborative networks that operate in private, in the darkest recesses of the internet. Designing appropriate strategies means first identifying what can be found in these underground networks.”
Threat intelligence experts can find stolen data, personal information, breached credentials, proprietary code and other sensitive data.
“It can take months before internal security teams become aware of a breach and why undertaking regular external intelligence monitoring can minimise the dwell time of some attacks,” Mr Gomez said.
He explained that in one recent case, a financial services company learned that a hacked social media account led to a potential breach of the company’s VPN.
“A high-ranking employee was using the same password for the VPN as their social accounts. When the social media accounts were compromised, the VPN became vulnerable. It was only by scouring the Dark Web that the threat was detected and neutralised,” he said.
“Navigating this complex labyrinth is about more than finding an IP address and connecting to TOR or finding an Internet Relay Chat channel. It requires a variety of different intelligence-gathering techniques, tools and knowledge that are far outside the capability of traditional scanning tools and penetration testing.”
For organisations that feel they are at a heightened level of risk, Mr Gomez suggested engaging experts that conduct ongoing monitoring.
“As new risks emerge, you can be notified so you can put appropriate mitigation processes in place,” he said.
“By monitoring the activities of criminals, experts can design strategies to avoid or minimise the damage from an attack.”
Source: Business Australia
