Cyber intelligence is becoming an increasingly common term when it comes to cyber security issues.
But what does it refer to? Once again, data analytics is of great importance here, as this discipline tries to identify, collect, assess, analyse and interpret a large amount of information on cyber threats, in order to predict new dangers and thus make it possible for all types of companies and organisations to anticipate and pre-emptively deal with cyber-attacks before they occur.
Key factor
Thanks to data analysis and possible risks identification, and to a better knowledge of aspects such as the malicious code introduced, who the attacker is, how he usually acts, etc., its application to security plans helps in the early detection of problems, such as mentions which could damage a company’s reputation, and it helps with industrial espionage prevention, the identification of information leaks, and most importantly, it favours agile decision making.
Thus, according to experts from the consulting firm Deloitte, it is estimated that around 67% of the time of security or incident response teams is wasted due to a lack of context when dealing with this type of situation.
Cyber intelligence is a very powerful tool applied in the field of cyber security because, while cyber intelligence is an anticipatory discipline that analyses human behaviour, cyber security is a reactive activity which is triggered by an attack so as to protect an organisation’s data, systems, networks or software. And it should be noted that such security depends on the technology and the people who use it.
And security has a lot to do with people’s behaviour. According to the Escudos 2021 report by the Spanish company Exsel, one in five small and medium-sized Spanish companies has suffered a cyberattack in the last year, and during the first half of the year, more than 300,000 SMEs have been affected by cyberattacks, 70% more than in 2020 and more than twice as many as before the pandemic.
The report identifies threats in relation to social engineering as the main security vulnerability, as they are directly or indirectly responsible for 95% of the attacks suffered.
Intelligent response
In view of the rapid evolution of attacks and the increasing (and much-needed) digitalisation of companies, Telefónica has a cyber-intelligence unit within the Telefónica Tech incident response team.
These professionals are in charge of providing the necessary technical support to companies that have suffered a security incident caused by ransomware. They are the ones who launch the processes required to contain each attack, preventing the damage from spreading, eliminating the presence of malware and recovering systems and services safely.
Moreover, when it comes to an IT incident, the response must not only be intelligent, it must be fast. Therefore, analysts working in response teams are working under tight time constraints, as rapid containment is vital in minimising potential damage.
Thanks to the data analysed, cyber intelligence provides specific support during decision-making. In the context of a connected world, it can play a key role when its comes to taking action in the face of a cyber-attack and developing a rapid and useful response for organisations.
To this end, suppliers of security solutions and tools must share information with other suppliers and other organisations, both public and private, to tackle the organised cybercrime industry.
For this reason, Telefónica is part of a group of cybersecurity-conscious companies that has decided to create the Cyber Threat Alliance, which aims to collaborate and share information on network threats and improve the security of its customers.
Identifying targets and understanding people’s behaviour as well as potential risks and threats helps prevent cyber threats.
