Argus - Fotolia

TechUK to spotlight cyber threat intelligence

The ability to sift through that data and spot trends and emerging threats is becoming a useful and important tool for security professionals, according to TechUK's Talal Rajab

UK technology industry association TechUK is to highlight cyber threat intelligence at the Security & Counter Terror Expo in London in April 2016.

TechUK will present a conference on cyber threat intelligence alongside a security-related exhibition, the World Counter Terror Congress, and conferences on critical national infrastructure, transport security and advanced technologies.  

“Threat intelligence is one of the most innovative tools emerging in the cyber security profession, as companies are accumulating and aggregating more data,” said Talal Rajab, programme manager for TechUK’s cyber, national security and criminal justice programmes.

“The ability to sift through that data and spot trends and emerging threats is becoming a really useful and important tool for security professionals, although it is still not as well understood or as well used as it could be,” he told Computer Weekly.

Although the use of threat intelligence tools is gaining momentum, Rajab said there is still some confusion about the distinction between information and intelligence.

“While most companies are accumulating a lot of information, relatively few are converting that into intelligence that can be used to protect themselves against cyber attack by identifying and anticipating emerging threats,” he said.  

Sharing threat intelligence

At RSA Conference 2016 in San Francisco, Intel Security Group head Chris Young called on the security industry to do more to share threat intelligence.

“The bottom line is that threat intelligence is only as good as the countermeasures that it informs, and that has got to be our ultimate goal,” Young said, calling on security organisations to join the Cyber Threat Alliance (CTA).

A key part of informing countermeasures, said Rajab, is applying human intelligence and experience once the technology has sifted through the data to identify what needs further investigation.

Similar to the CTA, TechUk considers it very important that threat intelligence is shared in the information security community for the benefit of all.

“We have set up Trusted Agents Forum, which enables TechUk members to share threat intelligence and analysis. It is only through sharing threat intelligence and best practice that companies can better protect themselves,” said Rajab.  

Trusted Agents Forum

The Trusted Agents Forum was set up in 2011 to complement the government sponsored cyber security information sharing partnership (Cisp), which is hosted by the national computer emergency response team (Cert-UK).

“We set up the forum in addition to having our own node on the Cisp. Our members told us that while having online platforms to exchange threat intelligence and analysis are useful, nothing beats personal interaction with people, which helps build trust,” said Rajab.

Sharing through personal interaction, he said, enables organisations to know exactly who they are sharing information with and how that information will be used.

The Trusted Agents Forum meets on a monthly basis to discuss topics around changing themes. It has input from Cert-UK on emerging threats and contributions from forum members on what they are seeing in their own environment and how they are countering specific threats.

When curating content for the cyber threat intelligence in April, Rajab said TechUK looked at emerging threats and the tactics and techniques organisations are using to deal with those threats.

“We also looked at some of the regulatory and policy changes that will be coming into force in a couple of years that will bring cyber security to the top of board agendas,” he said.

These include the European Union’s Network Information Security (NIS) directive and General Data Protection Regulation (GDPR), which are both expected to come into effect in early 2018.

Cyber crime keynotes

Another key area of focus for the conference will be cyber crime, with a keynote presentation by Mike Hulett, head of operations at the National Crime Agency’s  National Cyber Crime Unit.

“He will be talking about the work the NCCU has been doing to counter cyber crime in the UK. The important thing will be understanding how that will trickle down to the local level,” said Rajab.

Another session will look at addressing the cyber security skills shortage in local police forces, with input from former police officers who now run a cyber security training firm.

Although local police knowledge around cyber crime has come under fire in recent times, Rajab said a lot of co-ordination is being done at a national level by the National Police Chiefs’ Council (NPCC).

“In terms of improving skills at a local level, the College of Policing is gradually introducing courses on cyber crime, with a big uptake particularly in the past year,” he said.

Police Regional Organised Crime Units (Rocus) are also working with the NCCU, academia and industry to “get their house in order,” said Rajab.

Security education

In addition to looking at cyber security skills in the context of policing, the conference also features sessions looking at how to address the general shortage of cyber security skills globally.

“There needs to be a greater focus on ways of addressing the skills shortage at primary and secondary school levels, and not just at university level,” said Rajab.

Another area of focus for the conference will be cyber incident response, which is an emerging discipline after years of information security being purely about defence.

Read more about threat intelligence

  • Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.
  • Learn how threat intelligence services benefit enterprise security and how to subscribe to the right threat intelligence service.
  • Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data.

“Organisations tend to put a lot of resources into cyber defence, but it is important they understand that breaches are inevitable. Therefore, it is important to put processes in place when that happens so business operations are affected as little as possible,” said Rajab.

“Organisations need to pay more attention to getting their businesses up and running after an attack as soon as possible. They must ensure that they have strategies in place for dealing with their customers, suppliers and the media,” he said.

Although this is an “important message” for all companies, Rajab believes the tech sector – along with financial services – is ahead of most others in understanding the types of data they hold, the types of security they should put around each type of data and what to do in the event of a breach.

“A danger in other sectors is the approach of buying the biggest, shiniest, most expensive kit and thinking that that alone will make them safe,” he said.  

New technology brings new threats

Another key theme of the conference will be emerging threats, particularly due to advances in technology.

“As we continue to move into the world of big data and the internet of things, the threat landscape is going to increase because there will be a bigger target for attackers to go for,” said Rajab.

However, he said this does not mean new technology should be avoided. Instead, security needs to be at the forefront of technology adoption to derive the benefits without the risk. Security should be a key element in the design process to ensure products and services are inherently secure before they are released to customers.

In addition to the NCCU’s Mike Hulett, key speakers at the Cyber Threat Intelligence Conference at Olympia in London on 19 and 20 April 2016 include Cert-UK director Chris Gibson, Intercede chief executive Richard Parris and Institute for Security Science and Technology director Chris Hankin.

Read more about incident response

  • Professional incident response providers can quickly bring the additional resources and the expertise that companies often need to handle a rapidly unfolding threat.
  • Planning and foresight are essential to any cyber security incident response plan. Follow these steps to make sure you are ready for a data breach.
  • Organisations hit by cyber attacks often lack an effective incident response plan. Why are so many unprepared?

Read more on Hackers and cybercrime prevention