Does Your Cyber Threat Intelligence Tell a Story?

I began at SurfWatch Labs several years ago with one primary directive: be a story teller. Cybercrime impacts everyone, I was told, yet many business owners, executives and employees know next to nothing about cybersecurity. 

For the most part those people were either unaware, assumed their business would never be a targeted by hackers, or put the onus on the tech guys to handle those threats. Those who did take cybersecurity seriously and wanted to learn — well, without a technical background cyber-related writing has a tendency to induce a mini-coma within the first three paragraphs.

Essentially, there was large disconnect between the numerous cyber-attacks and data breaches and everyone who was being impacted by those incidents. That gap has closed quite a bit the last few years, but a gap still remains. Unlike regular crime, which tends to evoke much a more visceral reaction, cybercrime and the reporting on it often feels one step removed from our daily lives. Even as we currently find ourselves speculating how cyber-issues could help decide a presidential election, people are still surprised when they become the target of a cyber-attack.  

Take Patrick Feng, an adjunct assistant professor who studies technology and sustainability policy at the University of Calgary in Canada. As Scientific American reported, on May 28 a ransomware attack left many of the university’s researches locked out of their own data and email, leading the university to make a ransom payment of $15,500 to ensure nothing was lost.

“Even though I teach technology policy, and am aware of these kinds of issues, I still thought it was never going to happen to me,” Feng said.

Yes, presidential candidates are targeted, but little ol’ me? C’mon.

That disconnect is why I wrote back in 2014 that the story of celebrity nude photos being stolen may have been the most important cybercrime event of that year:

For most of us, we are not celebrities, and it does not affect us. But when I read that story, or stories like that of [Miss Teen USA] Cassidy Wolf, who described her reaction to being sextorted by a similar creep – “I literally threw my phone across the room and started screaming. It did not feel real, it was like a horror movie.” – it stays with me in a way that a hundred stories of credit cards being stolen from Home Depot will never do.

We need stories to help spur action across all aspects of our lives, including cybersecurity. In a sense, that is what effective cyber threat intelligence is all about. Our goal here at SurfWatch Labs is to tell those stories, to help connect those dots so that everyone from the newly hired employee to the board of directors can understand the risks posed to them both individually and to their organization as a whole.

It’s also why charts like this are among my favorite ways to look at SurfWatch Labs’ cyber threat intelligence data — not because it’s a useful chart in any practical sense, but because of the way it highlights this year’s cybercrime events and shows the stories that collectively we are, and aren’t, paying attention to.

2016-08-05_firstseen.png
This chart shows the more than 1,000 industry targets SurfWatch Labs has collected data on this year (not including dark web data), as well as the date they first appeared in our data and how many CyberFacts we have collected pertaining to each organization.

In the cybersecurity space, we tend to define time by the major breaches — Target, Home Depot, Sony Pictures, Anthem, the U.S. Office of Personnel Management, Ashley Madison, LinkedIn, the Democratic National Committee — but doing so can negate the real story. As we noted in our recent cyber trends report, most attacks are not sophisticated. They are not high-profile incidents that garner national headlines. Rather, they are a steady wave of relatively simple and often automated attacks that continues to wash over those without proper awareness or understanding of their cyber risk.

Only a tiny fraction of cybercrime events cross over that gap and become part of the public consciousness. For the many more organizations that remain under the radar, cybercrime still has significant real-world consequences  — as well as for the employees, executives, shareholders and boards of directors that are tied to those various data breaches, denial-of-service attacks, extortion attempts, account takeovers, cyber-espionage, insider threats and other forms of cybercrime.

With cyber threat intelligence becoming one of the latest cybersecurity buzzwords, people are often trying to define what it is. What’s the proper balance between raw data and human analysis? Who is the target audience? How does that intelligence translate into specific action? In simpler terms, it is just telling the story of your organization’s cyber risk — with proper context and in a way that everyone can understand and take action on.

To continue to close that cybersecurity gap we need more training and more technological innovations and more smart leaders, but we also need to connect all of that together and drive progress forward somehow. That’s what cyber threat intelligence, and the stories it can tell, is all about.

Author: Jeff Peters

SurfWatch Labs editor and host of SurfWatch Labs Cyber Chat podcast. Focused on using threat intelligence and data visualization in order to bring cybercrime to life and help make organizations safer.

2 thoughts on “Does Your Cyber Threat Intelligence Tell a Story?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s