CREST has updated its guide on Cyber Threat Intelligence to advice organisations on how to stay one step ahead in cyber security.
A newly published Guide from CREST looks into the different types of CTI – standalone deliverables and continued threat monitoring services – and crucially, how this discipline can be used to predict, prevent, detect and respond to threats. The updated Guide also includes new sections on the development of the practice of CTI since the initial iteration, and an assessment of the future trajectory of the discipline. The free Guide is now available to download via https://www.crest-approved.org/wp-content/uploads/2024/04/What-is-CTIHow-is-it-used_2024.pdf
The Guide is written for organisations in both the public and private sectors, and covers the different levels of cyber threat intelligence: operational, tactical, and strategic, and possible sources of intelligence, such as atomic indicators of compromise (IOCs), social media, the dark and deep web, internal sources, publications and information sharing platforms.
Written and peer reviewed by members of CREST Threat Intelligence Professionals (CTIPs) group, the Guide delivers an introduction to Cyber Threat Intelligence.
The 18-page Guide provides accessible advice on the theory and practice of CTI products and services, outlining key concepts and principles underpinning CTI, along with the ways organisations can use the tool to predict, prevent, detect and respond to potential cyber security threats and reduce cyber risk.
Rob Dartnall, Chair of CREST’s UK Council and vice chair of the CTIPs group says: “Studies indicate the value of the CTI market has effectively doubled from US$5.5bn in 2019 to $11.6bn in 2021, with estimates for 2027 as high as $20.2bn. It was time to update the guide in light of increasing interest in this methodology. This updated guide is intended to inform a broad information security audience, including those with and without previous experience and understanding of cyber threat intelligence as a discipline.
“We hope it will help a wide variety of readers understand the principles of CTI, the three levels of intelligence and different types of intelligence sources. It will also help those concerned with managing and mitigating cyber risk appreciate how cyber threat intelligence can be used, and better understand changes in the practice since the initial guide. We also provide some insight into what is next for CTI.”
Rob adds: “In recent years, the ever-increasing threat of cyber crime has seen cyber security shift from a routine IT task to a critical business strategy. And an element of that strategy needs to be better use of intelligence.
“As part of a wider organisational cyber security strategy, CTI can be used to identify patterns and trends that might indicate impending attack. So CTI helps organisations prepare their defences before attacks can even occur.
“Without using intelligence, organisations might defend against too little, due to not understanding the threats they face. Equally, trying to defend against all potential threats is an overwhelming and unsustainable approach.
“What CTI does is help understand threats in order to protect against them. This Guide, we hope, goes a long way to ensuring organisations are fully conversant with the practice of CTI – and what the future holds.”
In terms of what’s next, the Guide discusses market growth, the rise of automation and the increasing accessibility of open-source platforms which help organisations establish their own CTI function and processes, where they would otherwise lack the resources to engage with a dedicated provider.
As Rob Dartnall says: “Increasing emphasis on transparency and sharing of intelligence have contributed to the notion of CTI as a public good. This has been driven by the increasing threat to supply chains and the interconnectedness of technology stacks.
“These shifts are resulting in better sharing of intelligence and capabilities from more mature to less mature entities, on the basis that rising security standards are a net benefit.”
CREST, the non-profit global community of cyber security businesses and professionals working to keep information safe in a digital world, aims to keep members and interested parties abreast of current cyber security issues, with a rolling programme of new guides and guide updates.