Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
How Can I Protect My Company Without a Security Staff?
Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat ...
Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat information or how to determine which threats might affect my specific organization. Can you help?
Paul Kurtz, co-founder & CEO of TruSTAR: In an ideal world, every company would build and maintain a threat model unique to that company based on its business profile, assets, operation location, etc. However, this a challenge even for large, mature teams to accomplish.
Without a security staff, companies may struggle to appreciate the ROI of paid commercial intelligence feeds and be overwhelmed by the volume of open source intelligence. These challenges begin to diminish once a threat model is established and organizational capabilities to select and curate intelligence matures.
While every company's threat model is unique, there should be a significant degree of overlap with industry peers. You can identify and operationalize relevant threat intelligence by joining a sharing community, like an ISAC or ISAO. Correlating this shared industry intelligence with internal security events and alerts from MSSP providers, SIEMs, phishing emails, and case management systems is the ideal spot to begin understanding what industry threats are directly relevant based on that overlap.
This can occur in two ways: one, consuming community intelligence into a SIEM and case management tool, and, two, sharing out suspicious email and events back to the community to determine if anyone else observed the threat as well and can add more context.
What do you advise? Let us know in the Comments section, below.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024