2019 Cyber Threat Intelligence Estimate: Security Must Be Strategic

In his introduction to the 2019 Cyber Threat Intelligence Estimate (CTIE), General David Petraeus, U.S. Army (Retired), makes clear that cybersecurity must be C-suite business:


…cybersecurity and risk management can no longer be just the province of IT professionals and network administrators. CEOs, corporate board members, CISOs, and other executives have to make cybersecurity “C-suite business” in order to ensure their companies secure what they have, while enabling continuous business and operational change and keeping pace with ever-changing threats in order to identify and thwart would-be hackers and respond rapidly to malicious activity.
General Petraeus


It’s critical that senior leadership keeps abreast of today's evolving threat climate, changes in technology and new regulations. In doing so, they will gain the knowledge needed to inform and strengthen their security programs. But too often executives and the board don't understand the importance of investing in their security program to protect critical business assets and digital transformation initiatives.


As the number and severity of threats have grown, the nature and scope of cybersecurity has evolved from a focus on tools and compliance to an emphasis on outcomes and a more holistic business transformation approach to cybersecurity. This shift toward business risk and strategic opportunity is more than a better way of operating; it’s an imperative. There’s simply no other way to account for the proliferation of security challenges that can affect an organization’s well-being.


The report affords a detailed assessment of just what organizations are up against. Some examples:


  • Despite the innovative abilities of threat actors, phishing remains – by far – the most popular form of attack. Phishing targets human users, who are difficult to secure, and it requires very little exposure on the part of the attacker.
  • Malicious insiders and nation-states are the most concerning types of threat actor. Insiders have special access that creates opportunities external threat actors do not have, and nation-states possess resources and capabilities above and beyond the average threat actor.
  • Perhaps not surprisingly, the top nation-state threats are China, Iran and Russia. But these threats aren’t monolithic. Actors may be direct government employees, independent volunteers or criminals operating with state consent. The report overviews the major cyber threat players around the world and the details are occasionally surprising.
  • Blockchain and cryptocurrencies are hot targets, although volatility in the markets can cause fluctuations in hacker activity. New “stablecoin” offers may make cryptocurrencies a more reliable target.


CTIE Alerts by Category


The 2019 Cyber Threat Intelligence Estimate comprises contributions from Optiv’s Global Intelligence Threat Center (gTIC); IntSights, a cyber threat intelligence company; and Carbon Black, a leader in cloud endpoint protection.


It provides insights into:


  • Vertical industry breach highlights
  • Internal and external threat actors and their motivations
  • Attack tools, techniques and procedures
  • Data breaches and dark web practices


CTIE 2019 also dedicates significant attention to the vertical markets most under fire from cybercriminals, outlining threats and offering key best practice recommendations.


Healthcare-targeting threat actors tend to mount long-duration campaigns and actively seek out public attention on social media. To carry out these campaigns, they prefer to customize existing malware or craft their own from scratch.


Retail is a favored target for deployment of point-of-sale (PoS) malware. Interestingly, hackers targeting retail tend to be less skilled along all six criteria evaluated than threat actors in other verticals.


Not surprisingly, Government often is a target of advanced persistent threats (APTs), a term sometimes used euphemistically to mean a nation-state threat actor. These attack types are difficult, if not impossible, to find and often remain in place for an extended period of time.


The Financial Services sector has experienced a significant increase in cyberattacks and 79% of surveyed institutions said cybercriminals have become more sophisticated.


The report includes a range of helpful best practice advice, including a top-level emphasis on:


  • Learning about and following threats that are most relevant to their industry to help focus security decisions and efforts appropriately.
  • Ensuring risk assessments are conducted regularly.
  • Developing, deploying and maintaining policies that proactively support the organization.


The 2019 Cyber Threat Intelligence Estimate is available for free download. As the report notes in conclusion, organizations that synthesize threat intelligence and socialize their findings are further along in helping boards of directors, CEOs, CISOs and other executives understand the threat ecosystem and make well-informed security decisions.