Last Updated on February 23, 2023
Verizon’s 2022 Data Breach Investigations Report shows that over 90% of network intrusions are perpetrated for financial gain. That’s important information to know from the standpoint of threat intelligence, because it lets you drill down to the next level of insight about attackers and attacks.
Which assets of legitimate businesses do hackers hope to steal and monetize, given that your data is but one of them? How do bad actors carry out the many operational tasks involved in compromising your IT and stealing your assets, holding them for ransom, and so on? And how does understanding cybercrime “business models” and “supply chains” give you an edge in incident detection and response?
To demystify how cybercrime for profit really works, a recent episode of The Virtual CISO Podcast features Raveed Laeb, VP of Product Development at Kela. John Verry, Pivot Point Security CISO and Managing Partner, hosts the show.
The essence of intelligence work is knowing your enemy
A former Israeli Defense Force intelligence officer, Raveed says cyber threat intelligence is all about knowing your adversary.
“In intelligence, what you’re trying to do is provide good advice on the best course of action you can take in a given moment,” Raveed explains. “You can’t predict the future, but you can try to explain and describe the present—and that is what decision-makers can use to make good decisions when push comes to shove or to plan strategy or basically anything, right?”
So, in cybersecurity, if you want to drive decisions with inputs that you can actually measure and see, you need to understand what the bad guys are actually doing, and why. This is an adversarial game, in which every action you might take will probably have an adversarial counter-reaction. In this context, knowing what’s likely going on outside your perimeter, in the enemy camp, is huge.
“Unless you look outwards at the adversary, you can only see what’s happening inwards,” Raveed cautions. “And that’s usually not too indicative of how the reality actually looks.”
It’s probably about money
Since research reports that the great majority of hacks across industries start with a financial motive, hackers are by definition working within a market.
Raveed clarifies: “Cyber criminals and organizations are in constant competition because they want the assets that you have, but you want to keep your assets for yourself. So, you’re basically competing with an adversary. And probably just like you would spend some time and effort understanding your actual competitors in business, doing the same for your adversaries—understanding what it is that they want and what you have that has value to them—probably is a very good way to start understanding how to better protect yourself and how to plan your defense strategy.”