Threat Intelligence: Protecting your Data and Information

This topic is relevant to clause 5.7 of the ISO 27002:2022 standard, which feeds into the Annex A of the ISO 27001:2022 Information Security, Cybersecurity and Privacy Protection - Information Security Management System Requirements Standard.

We live in a world where the importance of protecting data and information has never been more relevant.

Cyber threats are constantly evolving, making it challenging for individuals and organisations to keep up with the latest trends and protect themselves. 

In this blog, we will explore existing and emerging threats relating to data and information, and provide insights into how to make informed actions to prevent these threats.

Existing Threats

Existing threats to data and information are numerous and have been around for a while. Here are some of the most common ones:

• Phishing: This is a type of social engineering attack where attackers use email or messaging to trick victims into sharing sensitive information such as usernames, passwords, and financial details.

• Malware: Malware is software that is designed to cause harm to a computer system or network. It includes viruses, trojans, and ransomware.

• Insider Threats: Insider threats refer to individuals within an organisation who misuse their access to sensitive data or information for personal gain or to harm the organisation or individuals associated with the organisation. 

Emerging Threats

As technology advances, so does the tactics used by cybercriminals. 

Here are some emerging threats to be aware of:

• Internet of Things (IoT) Attacks: IoT devices, such as smart home appliances and medical devices, are becoming increasingly popular. However, they are often poorly secured, making them an easy target for attackers.

• Artificial Intelligence (AI) Attacks: As AI becomes more sophisticated, it is also being used by cybercriminals to launch attacks. AI-powered malware, for example, can learn to evade detection and become more effective over time.

• Deepfakes: Deepfakes are synthetic media created using AI algorithms. They can be used to spread disinformation, manipulate public opinion, and blackmail individuals.

How to Make Informed Actions to Prevent Threats

To protect against existing and emerging threats, organisations should implement a threat intelligence program. Threat intelligence can be divided into three layers: tactical threat intelligence, operational threat intelligence, and strategic threat intelligence as stated in the ISO 27002 code of practice for information security controls. 

• Tactical Threat Intelligence: This is the most basic level of threat intelligence and includes information on specific threats and attacks. It is used to identify and respond to threats in real-time.

• Operational Threat Intelligence: This level of threat intelligence provides more context around threats and includes information on attacker tactics, techniques, and procedures (TTPs). It is used to develop proactive defence measures.

• Strategic Threat Intelligence: This level of threat intelligence provides an overview of threats and includes information on trends, threat actors, and geopolitical events. It is used to inform long-term security strategy.

In addition to implementing a threat intelligence program, organisations should also:

• Educate employees on how to identify and respond to threats.

• Implement strong password policies and multi-factor authentication.

• Regularly update software and security. 

• Conduct regular vulnerability assessments and penetration testing.

Conclusion

Protecting data and information has become a critical concern for individuals and organisations. Cyber threats are constantly evolving, making it important to stay informed about existing and emerging threats. 

By implementing a threat intelligence program and following best practices for cybersecurity, organisations can reduce their risk of falling victim to cyber attacks.

ISO 27001 is a great platform for providing a framework for ensuring information security, considering the threats, responding to risks and recognising the importance of relevant security controls. 

Daniel Pemberton

MD - Cardan Business Services Ltd