"The latest news in the global power and energy industry..."
01 Feb 2010

Cyber intelligence-led security: the new protection paradigm

By Cyveillance, Inc.


Today, an increasing number of utilities and energy companies are embracing a new paradigm in the way they approach enterprise security. Previously, a significant share of security resources was focused on protecting the perimeter. Now a new, more dynamic and proactive approach is emerging as traditional reactive measures are no longer sufficient.

In this framework of change, these enterprises must embrace an intelligence-led approach to security, one based on the premise that security occurs within a well-defined business ecosystem – employees, customers and partners – and not necessarily within an anticipated or physical perimeter. Since the business ecosystem is fragile by nature and falls outside the clearly defined lines of a network perimeter, securing it must be approached with a more offensive mindset.

Intelligence-led security is an approach that integrates intelligence analysis methods, tools and processes into an overall security strategy to effectively manage risk in today’s borderless Internet environment. It is a practical application of Internet monitoring and intelligence analysis, which draws on advanced search strategies and pattern recognition to identify, detect and analyze existing and potential threats to businesses and consumers – in terms of information, infrastructure and interactions. By identifying threats early that are generated by cyber criminals, predators, extremists, activists, insiders, competitors and others, actions can be optimized to speed the prevention and mitigation of security risks.

What this means is that energy companies need to use open source intelligence to proactively identify and mitigate emerging threats before they can cause serious harm. Such intelligence provides energy companies with critical information regarding potential attacks on the organization and its customers, allowing the utility to proactively address these threats before they reach their intended targets.

As a result of the growing sophistication of security threats and their many different attack vectors, it is imperative that a security strategy go beyond just protecting a utility’s infrastructure with defensive tactics such as firewalls, intrusion prevention and detection systems, physical security and other technology; it must also utilize an early warning system that has high visibility into a wide range of possible and presumed attacks.

Backed by proprietary technology platforms and expert analysts that work with utilities to identify risks and increase protection from possible attacks, these open source intelligence applications are vital to ensuring the security of the organization. Open source intelligence gathering and analysis methods not only proactively identify threats to a company; they also provide services to thwart or stop criminals and their malicious schemes.

Cyber intelligence security initiatives are gaining momentum among leading energy organizations as they are proving highly successful in protecting against criminals who target energy companies through phishing and malware attacks. In the absence of proactive monitoring, online criminals go undetected and undeterred from misusing a company’s brand for financial gain, putting the organization and its customers at significant risk for fraud.

Issues often affecting the energy community are planned demonstrations and attacks on physical assets or employees. Threats to the customer experience and information assets are a large part of the security challenge, but the growing trend towards blended attacks and the cascading damage they cause are forcing organizations to converge physical and information security services. The physical aspects of security include controlled access to buildings, equipment and facilities as well as protection against:

  • Planned boycotts against products and services
  • Organized demonstrations that are potentially brand damaging or violent
  • Planned activities to interrupt business operation and events
  • Smear campaigns and dissemination of misinformation
  • Physical threats against employees, corporate officers, facilities and resources
  • Solicitations to conspire against the organization

Due to the ubiquitous nature of the Internet, it’s possible for intelligence-led security efforts to detect and predict attacks on physical corporate assets, including offices, facilities, traveling employees, conferences and media events. Many activists, extremists and vandals use the Internet to coordinate their activities. Open source intelligence gathering can often identify groups that are in the planning stages of their activities.

How to implement this new security approach smoothly is one of the central challenges facing organizations today. Organizations often find that they do not have the internal resources necessary to identify, monitor and analyze all online threats that can jeopardize their company’s security. Organizations need to rethink their security models and embrace an ecosystem approach that is modeled around leveraging open source intelligence from a combination of internal resources and external open source intelligence providers.

To protect the full scope of business and consumer interests, intelligence-led security needs to capture, store, process, filter and analyze information from many sources. If budgets were no obstacle, security officers could hire their own armies of human “intelligence agents” to operate wherever business is conducted, constantly monitoring and tracking commercial activities, looking for threats. This is neither practical nor affordable, but there is another way. An economically viable approach to intelligence-led security is found in the ever-growing mountains of visible and hidden data that exist in global cyberspace. This wealth of raw data can be cost-effectively harvested with leading-edge automation, and then filtered, analyzed and presented to the security team and other enterprise stakeholders in an easy-to-assimilate and highly relevant format.

Each day we hear more horror stories of security breaches resulting in lost or stolen intellectual property, personal credentials or attacks on physical assets and employees. The dynamic evolution of online threats has created an environment where organizations that fail to adopt security practices that rely on actionable cyber intelligence will find themselves always one step behind the criminals. However, by implementing a proactive intelligence-led approach to security, organizations are able to identify and detect these threats before they can significantly affect their customers, employees and infrastructure.

Contact details:
Cyveillance, Inc.
1555 Wilson Boulevard, Suite 406, Arlington, VA 22209-2405
Toll Free: 1.888.243.0097, T: 703.351.1000, F: 703.312.0536, W: www.cyveillance.com