How Cyber Threat Intelligence can help very small businesses and SMEs
Cybersecurity has become a crucial issue for businesses. Is Cyber Threat Intelligence, which consists of studying and monitoring cyber threats, the solution to help very small businesses and SMEs protect themselves from attack? Here we take a close look at a service with which many very small businesses and SMEs are as yet unfamiliar.
What is Cyber Threat Intelligence?
There are three main types of cyber threat, which are all differently motivated but may all target every type of organisation: hacktivists, acting to further a cause, cybercriminals, acting purely for financial gain, and state sponsored groups, whose purpose is espionage.
Cyber Threat Intelligence (CTI) is an activity with the twin purpose of studying and monitoring cyber threats. It also makes it possible to detect mechanisms that might be open to attack and thus reduce associated cyber risks. The approach used by companies involved in cyber security is based on analysing attacks that have already taken place, with the aim of identifying them by means of technical markers (malware signatures, IP addresses, malicious domain names, etc.). Defenders aim to use such technical markers to guard against and block any new attempts at such campaigns.
Cyber Threat Intelligence is a long-term service – usually rendered via extremely expensive annual or monthly subscriptions – intended for organisations that have very wide exposure and a certain level of maturity in terms of cyber security. Moreover, integrating and processing the flows within information systems requires specific infrastructure and special teams (e.g. Security Operations Centre, or SOC).
INQUEST: a CTI service for businesses
CTI is a little known range of services on the very small businesses and SMEs market. Yet such organisations are a perfect target for cyber threats because they have a small or even non-existent defence perimeter, making them an easy target for attackers. Increasing numbers of very small businesses and SMEs are being affected by attacks causing visible damage, particularly in terms of files being encrypted by ransomware or fraudulent bank transfers when a CEO’s account has been hacked. Remember, however, that the majority of SPAM campaigns that include a malicious attachment cause damage that is not seen by the victims, but that does just as much harm: theft of personal information or bank details or espionage whereby strategic or confidential documents are accessed.
The life cycle of a cyber attack always begins with a target reconnaissance phase: the attacker seeks to determine the weaknesses and types of trigger that will enable the malicious action to be performed. CTI responsibility could be given to the IT manager of a very small business or SME, but such a role requires very specific resources, particularly in terms of time commitment and skills. However, it is possible for the identification and management of cyber threat risk to be outsourced to specialist service-providers. INQUEST, a subsidiary of GM Consultant specialising in Risk Management, has developed an offer of services for very small businesses and SMEs that includes regular assessments of the amount of exposure created by their various action plans, monitoring of their online reputation on social networks, domain name surveillance, plus support and guidance for staff in the form of workshops to increase their awareness of cyber risks.
Adrien PETIT, Cyber Security Development Manager at INQUEST