Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime
Building Threat Intelligence Capabilities in Wartime
Rob Dartnall of Security Alliance on Investing in an Intelligence TeamUkraine's cybersecurity authority says the country is fighting its first-ever hybrid war - combining conventional and digital warfare strategies and tactics. In this time of high alert, Rob Dartnall of Security Alliance calls for organizations to develop their threat intelligence capabilities.
See Also: A Strategic Roadmap for Zero Trust Security Implementation
Historically, organizations have focused on automating the technical and tactical parts of the business wherever possible to reduce hiring costs. But "this is not intelligence work; it's data analytics," Dartnall says.
"Start thinking about investing in that intelligence team … and training them to do proper intelligence to be able to do confidence levels, and in proper intelligence assessment terminology," he says. Then, he adds, you will be in a position to say to board members, "These are the one or two things you need to focus on. This is how we need to do it and by when."
In a video interview with Information Security Media Group, Dartnall discusses:
- The role of cyber in the Russia-Ukraine war;
- Potential cyber disruptions to the energy and banking sectors;
- Best practices for organizations to develop and apply a threat intelligence capability.
Dartnall comes to the cyber domain from a military intelligence background. He is an advocate of "intelligence preparation of the cyber environment" and has designed intelligence-led resiliency programs, developed intelligence capability, created intelligence-sharing frameworks and initiatives, and provided intelligence-led consulting engagements. He holds the CREST Certified Threat Intelligence Manager qualification, is a CREST TI Assessor and sits on the CTIPs Sub-Committee.