Future of Threat Intelligence

In our latest episode of the Future of Threat Intelligence podcast, David chats with Ryan Chapman, Threat Hunter, Author & Instructor at SANS Institute. They explore the alarming evolution of ransomware tactics, including the rise of multi-extortion strategies where attackers not only encrypt data but also threaten to leak sensitive information. 
 
Ryan emphasizes the critical mistakes organizations make, such as failing to implement basic security practices and allowing administrative privileges for general users. He also discusses the importance of leveraging internal data for effective threat hunting. Tune in to gain insights on strengthening your organization's defenses against ransomware attacks! 
 
Topics discussed:
The evolution of ransomware tactics, highlighting the shift from simple encryption to sophisticated human-operated attacks.  
The rise of multi-extortion strategies, where attackers threaten to leak sensitive data in addition to encrypting it.  
Why organizations often fail to implement basic security practices, leading to increased vulnerability to ransomware attacks.  
The importance of restricting administrative privileges for general users is emphasized to enhance overall security posture.  
The value of better visibility through proper logging and monitoring to detect and respond to threats effectively.  
Leveraging internal data as intelligence is crucial for effective threat hunting and identifying potential vulnerabilities within the organization.  
The significance of ongoing education and training in cybersecurity to keep defenses robust against evolving threats.   
 
Key Takeaways: 
Implement basic security practices, such as restricting administrative privileges for general users, to reduce the risk of ransomware attacks.  
Conduct regular audits of Active Directory permissions to ensure proper access controls and minimize potential vulnerabilities.  
Utilize full tunnel VPNs for remote users to secure all traffic and enhance protection against external threats.  
Enable comprehensive logging on hosts, including PowerShell and Active Directory events, to improve visibility and incident response capabilities.  
Leverage internal data as intelligence by analyzing alerts and indicators of compromise (IOCs) to identify potential threats.  
Educate employees on recognizing phishing attempts and other social engineering tactics to prevent initial access for attackers.  
Collaborate with threat hunting teams to share insights and findings, fostering a proactive approach to cybersecurity.  
Monitor for unusual service names or processes that appear on fewer devices to identify potential threats in your environment.  
Document all findings during threat hunting sessions, regardless of whether a threat is identified, to build organizational knowledge.  
Stay updated on the latest ransomware tactics and trends to adapt your security strategies and defenses accordingly.   

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Matthew Winters, Lead Threat Hunter at T. Rowe Price. Matthew shares his unconventional journey into cybersecurity, highlighting the importance of soft skills and creativity in threat hunting that he has picked up along the way.
 
He explains that threat hunting is akin to applying the scientific method to networks, starting with hypotheses rather than alerts. Matthew and David also explore the critical role of threat intelligence in shaping effective hunting strategies and the essential skills needed to build a successful threat hunting team. Tune in for valuable insights on enhancing your cybersecurity posture! 
 
Topics discussed:
Threat hunting as applying the scientific method, starting with hypotheses instead of relying solely on alerts.  
The importance of threat intelligence as a foundational element for effective threat hunting and proactive defense strategies.  
Key skills for threat hunters include technical knowledge, creativity, and the ability to reassess and redefine problem statements.  
A hybrid approach to data analysis is recommended, utilizing both network and endpoint data for comprehensive threat visibility.  
The challenges of measuring threat hunting effectiveness, and suggestions for metrics like defenses created and impact on adversaries.   
 
Key Takeaways: 
Explore veteran programs to facilitate career transitions into cybersecurity, leveraging the unique skills and experiences of military personnel.  
Adopt the scientific method in threat hunting by formulating hypotheses before analyzing data, ensuring a structured approach to investigations.  
Utilize threat intelligence to inform your threat hunting strategies, focusing on real-world adversary behaviors and techniques relevant to your organization.  
Encourage creativity within your team by identifying individuals with a "MacGyver Drive" who can think outside the box to solve complex problems.  
Implement a hybrid data analysis approach by integrating both network and endpoint data to gain comprehensive visibility into potential threats.  
Define clear boundaries between threat hunting, incident response, and red teaming to maintain focus and effectiveness in each discipline.  
Measure the effectiveness of your threat hunting program by tracking metrics such as defenses created and the impact on adversaries.  
Foster a culture of continuous learning within your threat hunting team to enhance skills and adapt to evolving cybersecurity challenges.  
Leverage tools like graph databases to analyze relationships between threats and improve the precision of your hunting efforts.  
Challenge your team to reassess problem statements regularly, ensuring they are asking the right questions to drive effective threat hunting.   

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Gregory Van den Top, AI Practice Leader for Europe at Marsh. They explore the critical importance of understanding cyber risk as an integral part of business strategy, rather than a technical afterthought. 
 
Gregory emphasizes the need for organizations to conduct thorough risk assessments and quantify potential impacts, particularly in light of the growing threat of ransomware. He also highlights the significance of fostering a strong link between cybersecurity and executive leadership to enhance organizational resilience. Tune in for actionable insights to strengthen your cyber risk management approach! 
 
Topics discussed:
 Why cyber risk should be integrated into overall business strategy, not treated as a separate technical issue.  
How conducting thorough risk assessments helps organizations understand their current cyber risk landscape and potential vulnerabilities.  
How quantifying cyber risk is essential for informed decision-making and aligning with organizational goals, particularly for financial stakeholders.  
Why ransomware poses a significant threat, requiring organizations to prioritize awareness, preparedness, and proactive incident response measures.  
How building resilience in cybersecurity involves not just response plans but also protective measures to prevent incidents from occurring.  
How establishing clear roles and responsibilities, including board-level oversight, enhances the management of cyber risk across the organization.  
Why cybersecurity education for non-technical stakeholders is crucial for fostering a comprehensive understanding of risks and promoting informed discussions.   
 
Key Takeaways: 
Integrate cyber risk assessments into your overall business strategy to ensure a holistic approach to risk management.   
Quantify cyber risks to provide tangible insights for decision-makers, particularly for CFOs and other financial stakeholders.  
Prioritize awareness and preparedness for ransomware threats by implementing proactive incident response plans and training programs.  
Establish clear roles and responsibilities for cybersecurity within your organization, including board-level oversight for better risk management.  
Foster a culture of cybersecurity education among all employees to enhance understanding and promote informed discussions about risks.  
Develop a robust incident response plan that includes forensics, legal advice, and communication strategies to mitigate the impact of breaches.  
Engage in regular tabletop exercises using AI tools to simulate cyber incidents and improve your organization’s resilience and response capabilities.  
Collaborate with cybersecurity experts to stay updated on emerging threats and best practices for managing cyber risk.  
Review and update your cybersecurity policies and practices regularly to adapt to the evolving threat landscape and organizational changes.  

In our latest episode of the Future of Threat Intelligence podcast, David Bianco, Staff Security Strategist at Splunk, shares his insights on the evolving landscape of threat hunting. He introduces the PEAK threat hunting framework, emphasizing its role in enhancing security measures. 
 
David also discusses the critical differences between threat hunting and red teaming, highlighting how both approaches can complement each other. He also divesinto the essential skills needed for building an effective threat hunting team and offers actionable advice on measuring the success of threat hunting programs. 
 
Topics discussed:
The PEAK threat hunting framework, designed to enhance proactive cybersecurity measures and improve threat detection capabilities.  
The distinction between threat hunting and red teaming and their complementary roles in strengthening security defenses.  
Hypothesis-based threat hunting and the importance of formulating and testing hypotheses to identify potential threats.  
Baseline threat hunting as a method to understand normal activity, aiding in the detection of anomalies.  
Key skills for an effective threat hunting team, including knowledge of threat actors, technology stacks, and data analytics expertise.  
How metrics for measuring threat hunting success are essential for demonstrating impact and driving continuous improvement in security programs.  
 
Key Takeaways: 
Adopt the PEAK threat hunting framework to structure your threat hunting initiatives and enhance your cybersecurity posture effectively.  
Differentiate between threat hunting and red teaming to understand their unique roles and how they can complement each other in security.  
Formulate clear hypotheses for threat hunting activities to guide your investigations and improve the chances of identifying real threats.  
Conduct baseline threat hunting to establish normal activity patterns, making it easier to detect anomalies and suspicious behavior.  
Build a diverse threat hunting team by incorporating members with expertise in threat intelligence, data analytics, and incident response.  
Implement actionable metrics to measure the success of your threat hunting program and demonstrate its impact on overall security.  
Start small with your threat hunting efforts, focusing on manageable projects that can scale as you gain experience and success.  
Encourage collaboration between threat hunters and other security teams to share knowledge and improve overall detection capabilities.  
Continuously educate your team on the evolving threat landscape to stay ahead of potential risks and enhance threat hunting effectiveness.  
Utilize existing data analytics tools to analyze collected data during threat hunting, enabling informed conclusions about threat actor activities.  

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Eric Hanselman, Chief Analyst at S&P Global, about the critical role of threat intelligence in today’s cybersecurity landscape. Eric emphasizes the need for organizations to integrate threat intelligence operationally, moving beyond mere threat feeds to develop comprehensive threat models. 
 
He discusses the importance of maintaining operational hygiene, building a peer ecosystem for information sharing, and aligning security strategies with overall business objectives. Eric also offers valuable insights on navigating the complexities of cybersecurity and the future of threat intelligence. 
 
Topics discussed:
Insights on the evolving role of threat intelligence in modern cybersecurity strategies and operations.  
How organizations must integrate threat intelligence operationally to effectively manage risks and inform day-to-day security decisions.  
Why simply having a threat feed is insufficient; understanding and updating threat models is crucial for effective risk management.  
How operational hygiene, including good backups and data protection, is essential for defending against ransomware and other cyber threats.  
The value of building a community for information sharing enhances collaboration and provides valuable reality checks among cybersecurity professionals.  
Aligning security strategies with business objectives ensures that security measures support overall organizational goals and operations.  
Looking ahead and maintaining a forward-thinking perspective is vital for anticipating future cybersecurity challenges and opportunities.   
 
Key Takeaways: 
Integrate threat intelligence into daily operations to enhance your organization’s ability to respond to emerging cybersecurity threats.  
Develop comprehensive threat models that are regularly updated to reflect the evolving risk landscape and inform strategic decisions.  
Prioritize operational hygiene by ensuring robust data protection measures and effective backup systems to mitigate ransomware risks.  
Build a network of cybersecurity peers for information sharing to gain insights and reality checks on current security practices.  
Align your security strategies with business objectives to ensure that cybersecurity efforts support overall organizational goals and operations.  
Stay informed about emerging technologies, such as GenAI, and assess their potential impact on your security posture.  
Engage in end-user research to understand the pain points of security teams and develop solutions that address their challenges.  
Look beyond immediate threats and focus on long-term strategic planning to anticipate future cybersecurity challenges.  
Foster a culture of collaboration within your organization to enhance communication between security teams and other business units.  
Regularly evaluate and refine your security practices to ensure they remain effective in the face of evolving threats and technologies.   

In our latest episode of the Future of Threat Intelligence podcast, host David Monnier welcomes David Ortiz, Global CISO at Church & Dwight. David shares insights from his extensive career in information technology and cybersecurity, emphasizing the importance of understanding the evolving threat landscape. 
 
David touches on the critical role of threat intelligence in decision-making, the challenges posed by sophisticated phishing techniques and deepfakes, and the necessity of integrating cybersecurity into business strategy. He also highlights the significance of collaboration across various teams and the responsible use of AI in enhancing security measures for organizations. 
 
Topics discussed:
The importance of understanding the evolving threat landscape for effective cybersecurity management in organizations.  
How threat intelligence plays a crucial role in identifying and mitigating risks, helping CISOs make informed decisions.  
How advanced email gateways and spam filters need to evolve to combat increasingly sophisticated phishing attacks and deepfake technologies.  
Why integrating cybersecurity into overall business strategy is essential for achieving security by design and enhancing data privacy measures.  
The value of collaboration with diverse partners, including legal teams and law enforcement, strengthens cybersecurity resilience and response capabilities.  
The importance of comprehensive cybersecurity awareness training to empower employees in recognizing and responding to potential threats.  
The responsible use of AI tools is vital for enhancing security measures while maintaining data privacy and compliance standards.   
 
Key Takeaways: 
Assess your organization's attack surface to identify vulnerabilities and prioritize protecting critical assets effectively.  
Implement a robust threat intelligence program to enhance decision-making and stay informed about emerging cybersecurity threats.  
Upgrade email gateways and spam filters to counteract sophisticated phishing attacks and improve overall email security.  
Integrate cybersecurity practices into your business strategy to ensure security by design and enhance data privacy initiatives.  
Collaborate with various stakeholders, including legal teams and law enforcement, to strengthen your cybersecurity posture and incident response.  
Conduct regular cybersecurity awareness training for employees to empower them in recognizing and responding to potential threats.  
Monitor the responsible use of AI tools within your organization to balance innovation with data privacy and security compliance.  
Engage with third-party vendors to assess their security practices and manage supply chain risks effectively.  
Foster a culture of accountability and ownership among team members to ensure everyone understands their role in reducing cyber risk.  
Seek mentorship from experienced professionals in both cybersecurity and business to develop a well-rounded skill set for leadership roles.  

In our latest episode of the Future of Threat Intelligence podcast, Kristof Riecke, Field CISO at Rackspace Technology, shares his journey in cybersecurity and highlights the evolution of the industry over the past decade. He discusses the importance of effective communication in security strategies, the need for a holistic approach to threat intelligence, and the unique challenges organizations face in cloud security. 
 
Kristof also emphasizes that understanding the specific needs of each organization is crucial for developing effective security measures and achieving overall security maturity. 
 
Topics discussed:
How the evolution of cybersecurity is marked by increasing complexity in attacks and a growing need for professionalization within the industry.  
Why effective communication is essential for CISOs to convey security strategies and engage with stakeholders at all organizational levels.  
How a holistic approach to threat intelligence is crucial, considering diverse sources and types of information relevant to an organization’s security needs.  
Why organizations must continuously address security measures, as moving to the cloud does not eliminate the need for ongoing vigilance.  
How understanding specific organizational needs is vital for developing tailored security measures and achieving overall security maturity.  
The importance of transparency regarding vulnerabilities and incidents to enhance detection and response capabilities within organizations.   
 
Key Takeaways: 
Assess your organization's current cybersecurity posture to identify vulnerabilities and areas for improvement in threat detection and response.  
Implement multi-factor authentication across all systems to enhance security and protect against unauthorized access.  
Educate employees on security awareness to foster a culture of vigilance and reduce the risk of human error in cybersecurity.  
Communicate security strategies clearly to all stakeholders, ensuring that everyone understands their role in maintaining a secure environment.  
Develop a holistic threat intelligence program that incorporates diverse information sources to better understand potential threats.  
Regularly review and update security measures to adapt to the evolving cybersecurity landscape and emerging threats.  
Collaborate with cross-functional teams to ensure that security practices are integrated into all aspects of the organization.  
Document security incidents and responses to create a knowledge base that can improve future incident management and response efforts.  
Utilize cloud security best practices to protect sensitive data and maintain compliance with regulatory requirements.  
Establish a continuous monitoring process to stay informed about the security landscape and proactively address potential threats.   

In our latest episode of the Future of Threat Intelligence podcast, we welcome David Patariu, an Attorney focusing on Privacy, Artificial Intelligence, and Cybersecurity at Venable LLP. David shares his unique journey from engineering to law, highlighting the critical intersection of technology and legal frameworks. 
David sheds light on the challenges posed by unauthorized data scraping, and what The Mitigating Unauthorized Scraping Alliance (MUSA) is doing to raise awareness and help prevent the practice, including MUSA’s Industry Practices to Mitigate Unauthorized Scraping. He also discusses the importance of robust privacy policies in building user trust, and the need for collaboration between industry and regulators to address emerging privacy concerns. 
Topics discussed:
How unauthorized data scraping poses significant risks to businesses, requiring proactive measures to protect intellectual property and user data.  
Why effective privacy policies are essential for building trust with users and ensuring compliance with evolving regulatory requirements.  
How collaboration between industry stakeholders and regulators is crucial to combat unauthorized data scraping and promote best practices.  
The role of legal advisors is evolving, necessitating a strong understanding of technology to provide relevant guidance.  
Why data protection strategies must consider the implications of artificial intelligence and machine learning on privacy and cybersecurity.  
How public awareness and education about data scraping and privacy issues are vital for empowering users to safeguard their information.   
Key Takeaways: 
Develop comprehensive privacy policies that clearly outline data usage practices to enhance user trust and comply with legal requirements.  
Engage in ongoing education about privacy laws and cybersecurity trends to stay informed and adapt to regulatory changes effectively.  
Collaborate with legal advisors who have a strong technology background to ensure that legal frameworks align with business objectives.  
Implement best practices for data protection by participating in industry groups focused on combating unauthorized data scraping.  
Conduct regular audits of your data handling practices to ensure compliance with privacy regulations and identify areas for improvement.  
Monitor emerging technologies and their implications for privacy to proactively address potential legal challenges in your organization.  
Participate in webinars and conferences to gain insights into the latest developments in privacy, cybersecurity, and artificial intelligence.  
Advocate for industry collaboration to establish standards and guidelines that address unauthorized data scraping and enhance user protection.   

In our latest episode of The Future of Threat Intelligence podcast, Jim Tiller, CISO at CyberBellum and a veteran in the cybersecurity industry with over 25 years of experience joins us to explore the intricacies of working as a fractional CISO. 
 
He offers a unique perspective on the role's challenges and rewards and emphasizes the importance of understanding business nuances, building trust with leadership, and developing a broad-spectrum knowledge of emerging technologies. Jim's insights shed light on measuring performance, effective communication, and essential skills provide invaluable guidance for navigating today's complex cybersecurity landscape. 
 
Topics discussed:
The evolving role and challenges of being a fractional CISO in today's cybersecurity landscape.
The importance of building human connections and speaking the language of business stakeholders for effective cybersecurity leadership.
Strategies for measuring the success of a fractional CISO beyond traditional KPIs and metrics.
Essential skills for CISOs, including humility, broad-spectrum technological knowledge, and the ability to get the gist of new concepts.
The necessity of staying updated on threat intelligence and applying it effectively within your organizational structure.
Tips for aspiring CISOs on how to start and thrive in the ever-changing world of cybersecurity. 
 
Key Takeaways: 
Build strong human connections with stakeholders by understanding their language and business needs for effective cybersecurity leadership.
Measure your success as a fractional CISO by demonstrating influence and trust rather than relying solely on traditional KPIs.
Stay updated on the latest threat intelligence and apply it within your organization to bolster cybersecurity defenses.
Develop a broad-spectrum knowledge of emerging technologies to enhance your overall understanding and decision-making capabilities.
Communicate regularly with your team and organization, making cybersecurity updates engaging, relevant, and easy to understand.
Learn continuously and be a professional learner to keep up with the rapid changes in the cybersecurity landscape.
Demonstrate your value by showing how your decisions positively impact the organization's security posture and business goals.
Identify and understand key performance indicators that truly reflect your effectiveness and impact as a fractional CISO. 
 

In our latest episode of the Future of Threat Intelligence podcast, David chats with Rafal Los, Head of Services Strategy & GTM at ExtraHop and the creative force behind the Down the Security Rabbithole podcast. Rafal discusses his journey from curiosity-driven exploration to a professional career in cybersecurity and the lessons he’s learned along the way.
 
Rafal shares his extensive experience in cybersecurity, offering insights on transitioning from technical roles to strategic leadership positions. He also talks about common misconceptions in strategic advisement, the importance of understanding the business context, and actionable advice for aspiring leaders. Throughout the conversation, Rafal's practical tips and seasoned perspectives make this episode a must-listen for anyone looking to elevate their career in cybersecurity and threat intelligence. 
 
Topics discussed:
Transitioning from technical roles to strategic leadership positions in the cybersecurity industry.
Common misconceptions in strategic advisement and how to avoid these pitfalls.
The importance of understanding the business context to improve strategic decision-making in cybersecurity.
Actionable advice for aspiring leaders in threat intelligence and cybersecurity.
How to bridge the gap between technical language and business objectives effectively.
Practical tips on assessing risks, impacts, and having a clear strategy for cybersecurity initiatives. 
 
Key Takeaways: 
Understand the broader business context to make more informed strategic decisions in cybersecurity.
Listen to and comprehend the challenges faced by different stakeholders to improve strategic advisement.
Develop a clear, actionable strategy for cybersecurity initiatives, focusing on both technical and business aspects.
Be skeptical of the information you read to stay critical and informed about industry trends and developments.
Engage in continuous learning by consuming content from diverse sources to broaden your cybersecurity knowledge.
Assess risks and impacts critically to prioritize cybersecurity efforts effectively.
Bridge the gap between technical language and business objectives to enhance communication and decision-making.
Prepare for potential failures by understanding how systems can fail and creating contingencies.
Network with industry professionals to gain different perspectives and insights into cybersecurity challenges.
Seek to understand the experiences and needs of your team and stakeholders to create more effective security strategies. 
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0