Briefing: Threat Intelligence Sources and Providers
Threat intelligence is the information gathered to defend against cyberattacks by understanding actors' motives and attack vectors. By knowing cybercriminals' reasons and attack methods, an organization is better equipped to protect itself and keep essential business operations running. Today, with the advent of advanced persistent threats (APTs), every organization is at cyberwar, whether it likes it or not. As a result, many principles of traditional warfare, especially intelligence principles, also apply to cyber warfare. “If war breaks out, intelligence has distinctive strategic, operational, and tactical roles. Strategic intelligence helps guide national leaders' political-military decision-making” (Gentry, 2019). Threat intelligence works the same way for an organization’s cybersecurity leaders. For example, suppose you know that a certain APT typically attacks organizations in your industry with ransomware. In that case, you can start to build up your defenses against ransomware and create playbooks for your incident response team to follow when ransomware strikes the organization. Thus, threat intelligence goes hand in hand with the risk management process. Using the information gathered from threat intelligence, an organization can begin the risk management process and prioritize the risks it faces. Unfortunately, threat intelligence is easier said than done. In today’s cyberspace, it’s not possible to defend against all threats. Today’s APTs are sophisticated, patient, and have significant funding to perform a wide range of exploits (EY, 2014, p. 1). This is where threat intelligence sources and providers come in. They equip the organization with threat intelligence specifically tailored for its industry.
Threat Intelligence for the e-Commerce Industry
E-commerce companies are prime targets for cyber-attacks because they typically store all the necessary information for credit card and identity theft. E-commerce fraud is set to surpass $20 billion in 2021, up from $17.5 billion in 2020; wherever money is involved, there are criminals (Insureon, n.d.; Razzak, 2021).
Every organization should join its industry-specific ISAC. “An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure” (Vijayan, 2019). Since PayPal is a leading digital payments company that enables consumers and merchants to transfer money electronically in various ways, PayPal best fits in the Financial Services ISAC. PayPal may also benefit from the Retail and Hospitality ISAC since many of PayPal’s customers are in the retail industry.
The top commercial providers include SOCRadar, Blueliv, and Cyberint, all of which have threat intelligence services tailored explicitly towards retail and e-commerce companies. Each of these providers offers extensive threat intelligence services, and further research needs to be conducted to determine which is best for PayPal. Additionally, each of these companies provides a demo of its services. It is recommended to request these demos to decide which product is best for PayPal.
Alternatively, it would be beneficial to establish internal threat intelligence, as no one will understand PayPal's needs more than PayPal. This can be accomplished by directing current cybersecurity personnel to fill these roles and hiring new personnel from outside the organization. The combination of joining an ISAC, purchasing commercial threat intelligence services, and creating internal threat intelligence services is more than enough to get a leg up on the cybercriminals wishing to attack PayPal.
The cyber threats of today are more significant than ever before. Cybercriminals and APTs are forcing ordinary organizations into a cyberwar. Unfortunately, it’s not possible to defend against all threats. To stay ahead of the opposition, organizations need essential and timely threat intelligence to thwart the most likely and most damaging cyberattacks in their industry. Therefore, it is recommended to join the industry-specific ISAC, purchase commercial threat intelligence services, and establish an internal threat intelligence team. Intelligence has always been and always will be essential to winning conventional wars, and when it comes to cyberwarfare, it’s no different.
EY. (2014). Cyber threat intelligence − how to get ahead of cybercrime (2014 ed.).
Gentry, J. A. (2019). Intelligence in war: How important is it? How do we know? Intelligence and National Security, 34(6), 833-850. https://doi.org/10.1080/02684527.2019.1611205
Insureon. (n.d.). Common cybersecurity threats for e-Commerce businesses. Retrieved November 16, 2021, from https://www.insureon.com/blog/top-cybersecurity-threats-for-ecommerce-businesses
Razzak, S. (2021, August 17). Ecommerce security: Tips, tricks & recommendations (2021). The Official Cloudways Blog. https://www.cloudways.com/blog/ecommerce-security-tips/#phishing
Vijayan, J. (2019, July 9). What is an ISAC? How sharing cyber threat information improves security. CSO Online. https://www.csoonline.com/article/3406505/what-is-an-isac-or-isao-how-these-cyber-threat-information-sharing-organizations-improve-security.html