Here’s How Government Can Limit Cyber Breaches

Presented by SurfWatch Labs

Most agencies are not using threat intelligence to guide their cybersecurity planning.

When Target, the national retailer, was breached in 2013, more than 110 million customers were exposed to potential credit card fraud. The breach was one of the largest on record, but it could have been lessened or possibly even prevented, says Jason Polancich, Founder and Chief Architect at SurfWatch Labs.

Right now, the private sector is paying a lot of attention to cyber threat intelligence as a way to track risk inside the digital universe before it hits home. Had Target monitored trending cyber threats for Point-of-Sale malware aimed at similar businesses, the company could have proactively investigated its own systems for high-probability infections. The malware attack, which eroded consumer trust and impacted the retailer’s earnings, could likely have been caught a lot sooner.

“More companies today are looking at cybersecurity as a business issue. An attack can mean a great deal of financial harm,” Polancich says. “And, if you see cyber as a business issue, then it means you understand the value in using cyber threat intelligence just like business intelligence for other critical operations like sales because it can directly impact your bottom line.”

But, intelligence is not always defined in the same terms by government leaders.

"Many in the government equate 'watching' with intelligence," Polancich says. "To be proactive, sound intelligence takes solid, comprehensive threat data analyzed and monitored continuously against specific risk areas. What the government does is almost entirely reactive." 

At present, the bulk of government efforts are spent almost indiscriminately combing endless data sets, Polancich says, in the hopes of identifying what might be out there, as opposed to starting with what definitely is a real and relevant threat.

Polancich, who has spent the last 20 years working in the intelligence community, says that threat intelligence is essential to cybersecurity planning. This type of monitoring and analysis can help government learn more about its security profile and how best to defend against certain styles of attacks most likely to occur.

There are several tactical ways that agencies can monitor their risks, Polancich says. He recommends that government take a strategic intelligence approach to complement the lower-level tactics, ingesting data so that it’s collected and analyzed for irregularities across many different sources at many levels. Among other things, this includes monitoring network, open source, social media and dark web activity for potential vulnerabilities.

Traditionally, cyber threat intelligence meant security teams had to review an overwhelming amount of internal data to find evidence of a threat. With a strategic intelligence approach in place, agencies instead rely on data analytics and applications to monitor comprehensive risk from inside and outside the organization. This type of planning also puts cyber threats into a business context: what they can mean for your customers, IT infrastructure, finances and brand or reputation.

“Until now, cybersecurity has been seen by government as a technical or IT problem, but it’s really a business problem,” Polancich says. “With threat intelligence guiding your cybersecurity plan, you can anticipate the risks and defend against vulnerabilities that matter most for your business.”

This content is made possible by our sponsor. The editorial staff of Nextgov was not involved in its preparation.