As the 2022 Cybersecurity Awareness Month draws to a close, it’s important for people and organizations alike to remember that the threats don’t end when the month is over. Cybercriminals launch attacks 24/7 and the global threat landscape is continually evolving. To stay ahead of the threat actors, consumers and businesses need cybersecurity tools with actionable threat intelligence built in.
To learn more about what threat intelligence is and how it's used to help defend against cybersecurity attacks, we spoke with Cristina Serban, Principal Product Marketing Manager - Technology Licensing Solutions and MSP at Bitdefender. This is the fourth blog in our Cybersecurity Awareness Month series, focused on educating the public with security best practices and expert insights. Be sure to also read the first, second and third blogs in the series.
Q: This year’s theme is “See Yourself in Cyber.” What is your role at Bitdefender and how did you come to work in cybersecurity?
I joined Bitdefender almost four years ago and I am proud to say that as Principal Product Marketing Manager for our Threat Intelligence solutions, I work with an amazing team of people who help defend the world from cyberattacks. Prior to joining Bitdefender, I spent my entire career working for technology companies, before eventually shifting to cybersecurity companies. It was at that point that I realized how much I love working in cybersecurity. It’s an exciting field that brings many interesting challenges, and it’s constantly changing.
I highly encourage people, and particularly women, to consider a career in cybersecurity. Over the years that I’ve worked in the technology and cybersecurity industries, I’ve been pleased to see growth in both the number of women working in technology companies, as well as in the types of roles they’re holding. The opportunities are endless in cybersecurity and it’s very rewarding both professionally and personally to know that I help defend the world, in a way, against criminals.
Q: What cyber threat trends are you seeing around the world?
When it comes to cybersecurity threats, the answers are not always obvious. To gain actionable intelligence and identify trends, one must sort through a vast amount of threat data generated around the world and understand the context surrounding each incident. Bitdefender gathers data from a global network of hundreds of millions of monitored and protected endpoints and systems. It’s one of the largest security delivery infrastructures in the world, capable of processing billions of threat queries daily. That intelligence is fed into our suite of cybersecurity solutions for home and businesses, as well as into our managed detection and response (MDR) service.
Analyzing the threat information, one of the trends we’ve been seeing lately is a consolidation of the market – both on the side of the defenders as well as the attackers. It’s no longer about specific threat actors or groups. They are consolidating efforts and working together, using technologies like artificial intelligence (AI) to automate and scale their attacks so they can spread further and claim more victims.
A positive trend we’re seeing lately is an increase in security awareness among companies. Perhaps it’s a result of campaigns like Cybersecurity Awareness Month, or perhaps it’s from seeing the headlines about organizations that have been breached, but more companies of all sizes seem to be aware of the need to strengthen their cyber resiliency and educate their employees on security awareness. In fact, cybersecurity seems to have become a core objective for organizations in all industries, as they recognize the critical role strong cyber resiliency plays in enabling business operations.
Q: What cybersecurity threats are organizations not paying enough attention to?
There are a wide variety of threats targeting organizations today, and they can differ greatly depending on the size of the organization, the industry they operate in, where they reside geographically, and other factors. One of the most prevalent attack methods today remains phishing.
Cybercriminals leverage specific moments in time and current events to make their phishing attempts more believable, thus making them more successful. Once an attacker has penetrated the organization, they can move laterally throughout the network, extracting data or exposing an organization’s most important assets. With our Advanced Threat Intelligence solution, Bitdefender captures critical indicators about attacks happening everywhere around the world, from malware strains currently spreading, to advanced persistent threats (APTs). We then use that information and the context surrounding it to protect our customers.
Q: How has the cybersecurity industry’s approach to threat intelligence changed over the years?
Threat intelligence started out as merely a collection of various indicators of compromise (IoCs) captured by engines. But over the years, threat intelligence matured as security analysts realized they needed more than just IoCs. To understand sophisticated threats and identify global trends, security professionals need as much context as they can gather around the IoCs. Bitdefender not only gathers all this contextual data, but also normalizes, correlates, and enriches it through multiple automated and manual processes. In this way, Bitdefender creates actionable intelligence that bridges the visibility gap between what security analysts see within their organization via their own internal telemetry, and the broader view of what is happening across the global threat landscape.
Today, threat intelligence is the lifeblood of a security stack. It provides insights that help organizations understand how a threat actor would most likely target them, identify access points, monitor their most vulnerable assets, and measure their attack surface. If a breach does occur, threat intelligence can even help an organization stop an attacker in their tracks by immediately responding with the right mitigation actions.
Q: What should organizations look for when evaluating a threat intelligence solution?
More and more today we are hearing organizations talk about cyber resilience and how it relates to their overarching business objectives. Threat intelligence plays a very important role in cyber resiliency. Security professionals must consider the right mix of threat intelligence that will align with their own set of internal requirements to help their organizations become resilient against sophisticated threats. This mix will look different for every organization, but everyone should consider the following advice:
- It’s about the data. A threat intelligence solution should have broad coverage to ensure high visibility into the global threat landscape, including the ability to gather data about geolocation, industry, and the platform used for the attack.
- Data should be enriched with additional context so security professionals can easily see how it applies to different systems and scenarios. Additional context can include threat actor and threat family attribution, MITRE ATT&CK® Framework mapping, and more.
- Intelligence needs to be scored so security professionals can quickly determine the severity of the threat level. Scoring should be combined with a popularity index to provide additional understanding of how prevalent certain attacks are.
Q: What advice do you have for individuals on how to become more cyber resilient in their personal lives?
When I speak with friends and family about how they can stay safe in today’s digital world, there are several best practices I always suggest. Many of these are the same recommendations that the Cybersecurity and Infrastructure Security Agency (CISA) is also recommending during Cybersecurity Awareness Month. They are:
- Always keep your systems and applications updated. If possible, turn on automatic updates.
- Use multi-factor authentication everywhere you can.
- Make offline backups of your sensitive information and important files, including family pictures.
- Always have a security solution installed on your personal devices, including computers, smartphones and any Internet of Things (IoT) devices in the home.
- Never share passwords or other sensitive information with anyone.
One of the biggest risks in cybersecurity remains the human element. Threat actors use social engineering tactics to trick people into divulging sensitive information such as passwords, or information that can be used to breach a home or business environment. By using multiple layers of defense, combined with actionable threat intelligence so you remain updated against the latest external threats, organizations and individuals alike have a better chance in the continuous fight against cybercriminals. By seeing ourselves in cyber and each taking responsibility for the role we can play in strengthening cyber resiliency, people and businesses will be better protected both during Cybersecurity Awareness Month and beyond.