Why do we need to perform intelligence-led security testing? And Cyber Threat Intelligence
Organisations that operate in certain niches, for example Banking, Telecom or Government, or that operate in multiple countries, some of which could be hostile, need to understand their threats in more detail so they can tailor their security defences and ensure they are effective. Trying to defend against everything is not very effective and could actually be counterproductive for the business.
Intelligence-led testing allows the organisation to understand which threat actors could target it, along with the tactics, techniques and procedures they could use against it. Detailing this before the security testing happens enables the business to test its defences against real-world attacks aimed at its business niche.
A number of testing schemes aim to provide this service, some of which are listed below.
• TIBER-EU for the European financial sector https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html
• iCAST (Intelligence-led Cyber Attack Simulation Testing) for Hong Kong’s financial sector https://www.hkma.gov.hk/eng/data-publications-and-research/guide-to-monetary-banking-and-financial-terms/iCAST/
• GBEST for UK government departments https://www.crest-approved.org/membership/gbest/
Cyber Threat Intelligence
In what other areas can Threat Intelligence be useful?
- Threat Assessments
- Threat Intelligence Platforms
- Data Feeds
- Subscriptions (Think CiSP)
What areas can benefit and consume threat intelligence?
- Security Operations Centre
- Vulnerability Identification & Remediation
- Response & Forensics
- Tabletop Exercises
- IT Management
- Other areas of the business (Finance, Legal etc)