The ever-evolving cyber threat landscape continues to be a concern for organisations all over the world. Over the last couple of months, with many employees working remotely, there has been a reported increase in cyber attacks. Cybercriminals are finding newer methods to victimise employees and organisations.
Companies continue to invest in more cybersecurity solutions to deal with the growing threats. At the same time, the capabilities of cybercriminals evolve with technology. Today, there are a variety of threat actors preying on organisations via the vast threat landscape.
According to the IBM X-Force Threat Intelligence Index report published in 2020, cybercriminals gained access to over 8.5 billion records in 2019. In addition, ransomware attacks increased up to 67% in the final quarter of 2019, with threat actors now developing new ransomware code for destructive attacks. Threat actors also continue to shift their sights to operational technology, industrial control systems, and Internet of Things (IoT) devices, all of which saw a surge of 2000% in 2019. While most of the cybercrime targeted North America, with over five billion records exposed, Asia was not far behind with over two billion exposed records.
As such, many organisations are now looking at a proactive approach to cybersecurity instead of a reactive one, and companies with a Security Operations Centre (SOC) want the ability to act on threats faster and more efficiently.
To become much more effective at what they do, security teams and SOCs have to increase the accuracy of the intelligence that they have at their disposal. This requires a crucial combination of information security and cyber analysis dimensions that include:
Security analysis – Aggregating, correlating and automating IT-related data to detect, discover and understand information security threats via automated tools that rely on algorithms and pattern recognition.
Cyber analysis – Human-led analysis of security and non-security related data from both logical and physical domains to research trends, discover anomalies, provide context, create relationships and uncover hidden issues.
Cyber intelligence – Using evidence-based knowledge and actionable advice concerning security-related issues.
Security intelligence – Actionable information derived from the analysis of the available security-relevant data.
These dimensions enable organisations to be better equipped to tackle the full cyber threat spectrum and take on what is commonly called a “cyber threat hunting” approach to cybersecurity.
The importance of reliable threat intelligence has never been greater. With threat intelligence, organisations can rely on the insights that are gathered via AI to understand and predict threats and prevent them from infiltrating their systems. The role of AI in threat intelligence is to analyse data on existing and emerging threats from several sources and use it to provide insights that can be used for automated security control systems.
IBM X-Force Exchange is a cloud-based threat intelligence sharing platform, enabling the SOC to receive information on the latest security threats, as well as actionable intelligence. Supported by human- and machine-generated intelligence, X-Force Exchange will equip SOC personnel with the information needed to make fast, informed decisions.
To find out more about the steps your organisation can take to deal with the evolving cyber threatscape, read this IBM whitepaper here.