Threat intelligence elevates a security program by helping to bring foresight and awareness to existing capabilities, such as the security operations center (SOC) or asset management. Not all threat intelligence is created equal, though. On one side, you have tactical threat intelligence, which consists of activities such as the ingestion of Indicators of Compromise (IOCs) to create detection or blocking rules within tools. Then you have the other side — strategic threat intelligence — which is the focus of this analysis.
Breaking Down Strategic Threat Intelligence
Strategic threat intelligence looks at the bigger picture. It involves a broader, long-term perspective on cyber threats and their relation to the program investments within which you’re working. It encompasses threat landscape analysis, industry and sector-specific, and geopolitical threat analysis.
This is all signal (or input to a process), but having a lot of data does not lead directly to perspective about how all that will impact your organization and its plans. As a team, you need to think critically about these things with your organization’s strategy as a backdrop.
One approach to support such critical thinking in this strategic threat intelligence context is to adopt a structured analytical framework, such as the Analysis of Competing Hypotheses (ACH). ACH encourages participants to simultaneously explore multiple hypotheses, gather evidence, and assess the relative likelihood of each before reaching a conclusion. By using critical thinking frameworks like the ACH, teams can minimize the impact of cognitive biases in this vital process and make informed decisions that contribute to a more resilient strategy.
The next section of this analysis will break down some specific questions that can be integrated into the planning process. The ACH framework will help your team think creatively and objectively about the possibilities (or hypotheses). As confidence builds around any given one, you move into more specific planning.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
Strategic Planning Questions
The following questions can be included in strategic planning processes alongside the output of the threat intelligence data, reports, and themes collected.
1. What Do We Need to Invest in to Prepare?
Strategic planning is all about preparation for what is to come based on goals and what is in place today. By understanding the emerging threats and trends alongside this, organizations can allocate their investments strategically, ensuring that they are well-prepared to proactively defend against potential attacks and mitigate risks. For example, an organization that fails to invest in any supply chain visibility technologies will likely be unprepared for supply chain tampering attacks such as Log4Shell.
2. Is Our Workforce Prepared to Face These Threats?
This question highlights the importance of human capital in cybersecurity. It encourages organizations to assess the skills and expertise of their employees, identify potential gaps in knowledge, and implement appropriate training and development programs to ensure the workforce is equipped to handle evolving cyber threats effectively. This might mean investing in training, culture change, or something else entirely. With the explosion of artificial intelligence (AI) tools happening in the market right now, a workforce that isn’t able to embrace such tools and adapt quickly to the complexities of both a rapidly changing market and threat landscape may be more rigid and susceptible to attacks from nimble threat actors.
3. Are There Strategic Partnerships We Should Begin Preparing for Now?
This question is important because of the strategic value of collaboration and information sharing in enhancing cybersecurity. This question encourages organizations to proactively identify potential partners — industry peers, information-sharing groups, or cybersecurity vendors — that can provide valuable insights and resources to strengthen their defenses and stay informed about the latest threats and trends. This might look like a critical evaluation of the workforce skills and numbers in place and exploring outsourced vendor relationships, such as a managed security services provider (MSSP) to address key functional areas.
4. Are Our Teams and Resources Aligned to Deal With These Emerging Threats?
The alignment of resources is foundational to effective strategic planning. This question prompts organizations to evaluate the structure and composition of their security teams alongside their peers, ensuring they have the right mix of expertise and resources to effectively address current and future threats. It also encourages organizations to assess internal communication and collaboration mechanisms to facilitate a unified and coordinated response to emerging cyber threats. In this case, overly hierarchical organizations may spend more time dealing with ownership issues and change management than adapting quickly when something critical happens.
Threat intelligence is not all about the IOCs, the day-to-day work of active threats, and updating the environment. There is real strategic value in looking at how threats are evolving and how that relates to the strategic plan. Cybersecurity cannot sit apart from the organization’s strategy, and this is an excellent opportunity to integrate and enable.
This article has been updated since it was originally published on April 27, 2023.
Want more cybersecurity insights? Visit the Cybersecurity channel: