Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
How Can I Protect My Company Without a Security Staff?How Can I Protect My Company Without a Security Staff?
Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat ...
July 1, 2019
Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat information or how to determine which threats might affect my specific organization. Can you help?
Paul Kurtz, co-founder & CEO of TruSTAR: In an ideal world, every company would build and maintain a threat model unique to that company based on its business profile, assets, operation location, etc. However, this a challenge even for large, mature teams to accomplish.
Without a security staff, companies may struggle to appreciate the ROI of paid commercial intelligence feeds and be overwhelmed by the volume of open source intelligence. These challenges begin to diminish once a threat model is established and organizational capabilities to select and curate intelligence matures.
While every company's threat model is unique, there should be a significant degree of overlap with industry peers. You can identify and operationalize relevant threat intelligence by joining a sharing community, like an ISAC or ISAO. Correlating this shared industry intelligence with internal security events and alerts from MSSP providers, SIEMs, phishing emails, and case management systems is the ideal spot to begin understanding what industry threats are directly relevant based on that overlap.
This can occur in two ways: one, consuming community intelligence into a SIEM and case management tool, and, two, sharing out suspicious email and events back to the community to determine if anyone else observed the threat as well and can add more context.
What do you advise? Let us know in the Comments section, below.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023