Pros and cons of creating a threat intelligence team

We’ve written several pieces on the importance of threat intelligence these days to an organization. Being on top of threats and not being defensive is one of the ways that a CISO can better mitigate risks.

However, that doesn’t mean most organizations can afford a threat intelligence team.

By definition, if your IT security team is only a couple of hands you can’t afford a separate threat intel team. A lot of Canadian small and medium-sized businesses fit into that category. However, there are still a number of medium and large organizations that could benefit from a dedicated threat intelligence team (which may not necessarily be full-time).

On Monday Scott Simkin, a senior manager in the cyber security group at Palo Alto Networks, published a column on the pros and cons of having such a team which CISOs should consider.

The advantages include the ability to hunt for advanced attacks, profile never-before-seen malware, campaigns or adversaries, and really think like an attacker.

But Simkin suggests CISOs ask the following questions before leaping into creating a threat intel team:

What is your organization’s current security posture? Are you automatically preventing attacks before they can breach your network? Do you have an information security team, and do they have a proven workflow in place for handling a successful cyberattack? How are you protecting your organization’s intellectual property and high-value assets? Is your network properly segmented?

If the answer to any of those questions is “no,” his advice is to get those issues addressed first, before even thinking about the need for a dedicated threat intelligence team.

He also notes that because such a team is expensive and will not only need the support of the C-suite and the board, the team will have to know how to clearly communicates its value to the board.

Meanwhile, organizations that can’t afford a threat intel team need to make use of the intelligence they can get their hands on from a variety of sources, including vendors of their security products and commercial intel feeds. One is the fledgling Canadian Cyber Threat Exchange (CCTX), which hopes to be operational early next year.

Last week I spoke to CCTX chief executive Robert Gordon, who said the service will hold a private symposium Dec. 7 for early subscribers to outline progress on a number of issues including the efforts of several working groups toiling away on problems such as how the exchange will ingest data and the type of reports it will issue.

Some 30 organizations are in varying stages of joining the exchange and will have the opportunity to add their threat and vulnerability findings to commercial feeds. The exchange hopes to convert raw data into timely and actionable information for subscribers.

The exchange is chaired by Marc Duchesne, Bell Canada’s vice-president of corporate security and responsibility. The vice-chair is Colin Penny, SVP technology and chief information officer of Ontario electric distributor Hydro One Networks.

If an organization can’t have a threat intel team, through the exchange it may get the next best thing.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now