- Estimates of the average cost of a cyberattack on a small business range from around $25,000 to $38,000.
- Cyber threat intelligence examines the trends of existing and potential cyberattacks to help prepare against them.
- There are numerous threat intelligence providers that can help your business monitor threats and come up with a cybersecurity solution.
- This article is for business owners who use networks to store sensitive data or for operations.
When Sun Tzu wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles,” the fifth-century Chinese philosopher couldn’t have imagined his teachings would apply to cybersecurity in 2022.
Yet businesses around the world are working to shore up their defenses against high-tech enemies at the proverbial gate by hiring cybersecurity analysts to research hackers’ methods through a process called cyber threat intelligence.
The cost of cyberattacks around the world rose from $600 billion in 2018 to $945 billion in 2020, an increase of more than 50% that brings the total to more than 1% of global GDP, according to a study by the Center for Strategic and International Studies cited in a McAfee report.
All signs point to the problem getting worse: free or cheap cybercrime toolkits, high-profile successful cybercrimes in the news, and few consequences for cybercriminals all make cyberattacks easier to conduct. As a result, experts in the field are often tasked with creating risk assessments that help small businesses find any potential weaknesses.
Since the digital landscape is constantly shifting, cyber threat intelligence requires highly skilled individuals who can keep up with the changes and alert clients to potential threats.
Did you know? Cyberattacks cost small businesses an average of $25,612 per year, according to the Hiscox Cyber Readiness Report 2021. Similarly, Kaspersky Lab reports the average cyberattack costs small businesses $38,000.
What is cyber threat intelligence?
Cyber threat intelligence is an area of cybersecurity that focuses on the collection and analysis of information about current and potential attacks that threaten the safety of an organization or its assets.
By implementing this tactic, businesses can take proactive steps to ensure that their systems are secure. Through cyber threat intelligence and analysis, data breaches can potentially be prevented altogether, saving you the financial costs of having to set any incident response plans in motion.
The purpose of cyber threat intelligence is to give companies an in-depth understanding of the threats that pose the greatest risk to their infrastructure and devise a plan to protect their business. Analysts strive to give their clients as much actionable information as possible based on any existing threats they find.
Part of the understanding that comes from cyber threat intelligence analysis is why a hacker would attack your systems to begin with. Knowing the opposition’s motive can shed light on which areas of your systems could be the most vulnerable.
Types of cyber threat intelligence
There are three kinds of cyber threat intelligence: strategic, tactical and operational.
- Strategic threat intelligence: This is a high-level assessment of potential threats, identifying who might be interested in attacking the organization or companies in its industry and what their motivations might be. It is presented to executives in the form of whitepapers, reports and presentations to show them how the organization needs to respond.
- Tactical threat intelligence: This relates to how and where the organization may be targeted and focuses on cybercriminals’ tactics, techniques and procedures. It is technical and is presented to IT and network professionals, with the goal of having them put defenses in place to prevent these types of attacks.
- Operational threat intelligence: This is information gleaned from active attacks, cyber honeypots (traps to entice hackers to reveal their tactics) and data shared by third parties. It includes highly specific data such as URLs, file names and hashes, domain names, and IP addresses, and should be used to block attacks (if caught early enough), limiting damage and eliminating known threats in the network.
With enough information and forethought, you can then implement the right tools to monitor for certain behaviors and conduct a potent incident response.
Why should you use cyber threat intelligence?
There are numerous service providers staffed with cyber threat intelligence analysts who will work with your cybersecurity or IT team to hash out a plan for your small business. Once hired, the service will investigate and explain any potential threats your business faces and what you can do to keep those threats at bay.
Armed with that kind of information, whoever takes care of your network can make the appropriate adjustments.
Along with providing your company the proper tools to stymie any cyberattacks, cyber threat intelligence can determine if you’ve already had a security issue. Through the use of indicators of compromise, intelligence analysts can determine whether your systems have been hit with malware that, if left undetected, could lead to stolen, corrupted or ransomed sensitive data.
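To show how the operational indicators described earlier (IP addresses, domain names, file hashes) are checked against logs to spot an existing compromise, here is an added example that is not part of the original article. The feed entries, log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed feed: documentation-range IPs, reserved .example domain, placeholder hash.
FEED = [("ip", "203.0.113.45"), ("ip", "198.51.100.0/24"),
        ("domain", "Bad-Updates[.]example"), ("sha256", "AB" * 32)]
# Constructed log lines (proxy, DNS, endpoint and firewall events).
LOGS = [
    "2022-03-01T10:00:01 proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.bad-updates.example",
    "2022-03-01T10:00:07 dns src=10.0.0.7 query=notbad-updates.example",
    "2022-03-01T10:01:12 edr host=pc-14 file=invoice.pdf.exe sha256=" + "ab" * 32,
    "2022-03-01T10:02:30 fw src=198.51.100.77 dst=10.0.0.9 action=allow",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b")

def load_feed(entries):
    nets, domains, hashes = [], set(), set()
    for kind, value in entries:
        # Feeds often "defang" values ([.]) and mix case; normalise first.
        value = value.replace("[.]", ".").strip().lower()
        if kind == "ip":
            nets.append(ipaddress.ip_network(value, strict=False))
        else:
            (domains if kind == "domain" else hashes).add(value)
    return nets, domains, hashes

def match_line(line, nets, domains, hashes):
    """Return the sorted (kind, value) indicators seen in one log line."""
    text, hits = line.lower(), set()
    for ip in IP_RE.findall(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # looks like an IP but is not one, e.g. 999.1.1.1
            continue
        if any(addr in net for net in nets):
            hits.add(("ip", ip))
    for host in HOST_RE.findall(text):
        labels = host.split(".")
        # Compare whole labels so a subdomain matches but a lookalike does not.
        suffixes = {".".join(labels[i:]) for i in range(len(labels))}
        hits.update(("domain", d) for d in suffixes & domains)
    hits.update(("sha256", h) for h in HASH_RE.findall(text) if h in hashes)
    return sorted(hits)

def scan(logs, feed):
    ind = load_feed(feed)
    return {n: h for n, l in enumerate(logs, 1) if (h := match_line(l, *ind))}
```

Calling `scan(LOGS, FEED)` flags lines 1, 3 and 4; line 2 is left alone because `notbad-updates.example` only resembles the listed domain.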
One common type of malware is spyware, which can be installed on a system without your knowledge to obtain internet usage data and other sensitive information. In a business setting, this could be credit card information, customers’ and employees’ personal information, or other valuable data.
Malware can become a costly problem for any business. In 2021, there were multiple attacks using a kind of malware called ransomware. Ransomware locks systems down before demanding payment for the user to gain access. It was used to shut down Colonial Pipeline, causing a gas shortage on the East Coast.
Ransomware attacks are particularly costly; the average ransom payment jumped from $5,000 in 2018 to $200,000 in 2020, a 40-fold increase, according to the National Security Institute.
Did you know? According to Cybereason, 80% of victims who submitted a ransom payment experienced another attack soon after, and 46% got access to their data but most of it was corrupted.
What to do if you uncover a cyberattack
When you discover that your organization has been attacked, time is of the essence. Take these steps immediately:
- Mobilize your incident response team. This includes your IT and network personnel and may also include software and external IT vendors, HR professionals if employee data was compromised, legal counsel if intellectual property was compromised, and operations managers if ransomware halted operations.
- Secure the systems. Depending on the type and scale of the breach, this might mean isolating or suspending the compromised section(s) of your network temporarily, or possibly the entire network, until protections can be put in place.
- Investigate the incident. Mobilize a team of internal technical professionals and, if needed, external experts to find out what happened and how it happened, as well as to assess the amount of the damage.
- Implement protections and countermeasures. This may include changing passwords, putting up or strengthening firewalls, implementing data encryption, and removing malicious code. If an employee was complicit, the employee should be fired and law enforcement alerted.
- Reassess your cybersecurity measures to see where you could add to and strengthen your practices.
- Check to see if the losses are covered under your business insurance policy, and make a claim if so.
- Report the attack to the appropriate regulatory agency, if necessary.
- Manage public relations if the attack compromised customer data.
Cyber threat intelligence providers
If your small business uses the internet to keep itself running, or if you store your sensitive data in a local network that’s connected to the internet, a cyber threat intelligence firm may be beneficial.
Here are some options to help you select a vendor:
- Mandiant targets large enterprises and provides nation-state-grade threat intelligence and cybersecurity consultation. More than 1,000 analysts and experts are on hand to provide information from various sources. Consider this company if your business deals with highly sensitive information, such as classified government, financial or healthcare data.
- IBM X-Force is the major hardware company’s cyber threat intelligence solution. IBM X-Force researches threats and collaborates with peers through a cloud-based threat intelligence-sharing platform. Like Mandiant, it is tailored to larger companies that need a comprehensive intelligence program.
- Anomali ThreatStream is a threat detection, investigation and response platform that helps you understand your potential cyber adversaries by collecting intelligence from various premium feeds. You can purchase additional intel through the company’s Anomali Preferred Partner (APP) Store. Anomali also uses machine learning to increase the efficacy of its threat intelligence platform and reduce the number of false positives.
- CrowdStrike Falcon Insight is a cyber intelligence platform for small businesses. It continually monitors your network, detects suspicious activity and provides real-time alerts for quick responses. It also can track and unravel the details of attacks so they can be most effectively addressed. While it does not publish its pricing, it offers a free trial.
Jennifer Dublino and Shimon Brathwaite contributed to the writing and research in this article.