Taxonomical Challenges for Cyber Incident Response Threat Intelligence: A Review

Meryem Ammi, Oluwasegun Adedugbe, Fahad Mohamed Alharby, Elhadj Benkhelifa
Copyright: © 2022 |Pages: 14
DOI: 10.4018/IJCAC.300770

Abstract

As attackers continue to devise new means of exploiting vulnerabilities in computer systems, security personnel are doing their best to identify loopholes and threats. Analysing threats in order to devise effective mitigation techniques requires comprehensive information about them. Security analysts can represent cyber threat information as semantic knowledge graphs and share it across the cybersecurity community. Because the response to a threat must be immediate, the shared information must not be conflicting. This calls for a standardized taxonomy, generally accepted within the cybersecurity space, for representing that information, which would ultimately make cyber threat intelligence (CTI) credible. This review examines existing CTI-based ontologies, taxonomies, and knowledge graphs. The absence of a standardized taxonomy identified here could be responsible for the limited taxonomy encoding and integration among existing CTI-based ontologies, as well as for the missing interconnections between taxonomies and existing ontologies. Hence, the development of a standardized taxonomy would enhance CTI effectiveness.

1. Introduction

Cyberspace continues to face numerous threats, with attack mechanisms and means of exploiting vulnerabilities evolving as rapidly as the preventive measures, leading to large data breaches, financial loss and other negative impacts for individuals and organizations alike. Attackers focus significantly on stealing, compromising, or destroying organizational assets of high reputational, confidential, intellectual, operational, or financial value (Bendovschi, 2015). The goal of cyber threat intelligence is to collect indicators of compromise and to develop knowledge about the adversary, in order to reduce the risks posed to organizational networks and their stakeholders. Intelligence data is therefore crucial for identifying attacks and analysing the threats behind them, using analysis techniques based on hypotheses and pieces of evidence. A comprehensive threat review must answer the following fundamental questions:

  • Who are the adversaries, including the actors, their sponsors, and employees?

  • What do adversaries use, including their capabilities and infrastructure?

  • Where do adversaries usually attack, in terms of industries, types of companies, and geographic regions?

  • When do adversaries act, i.e. what are their timelines?

  • Why do adversaries attack, including their motives and intentions?

  • How do adversaries operate, in terms of their behavioural patterns?
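The six questions above, together with the abstract's point that analysts represent threat information as semantic knowledge graphs which only merge cleanly under a shared taxonomy, are illustrated by the following added example in Python. It is not code from the article or its authors. The two feeds, the actor name "OCTOPUS-7", the predicate names and the mapping table `TAXONOMY` are all constructed for the illustration; the normalisation step stands in for the standardized taxonomy the review calls for. Merging the feeds without that step yields conflicting facts for the same actor; merging after normalisation yields one consistent graph that can answer who/what/where/when/why/how.

```python
"""Added example: a minimal CTI knowledge graph showing why a shared taxonomy matters.

Two constructed feeds describe the same intrusion in different vocabularies.
Merging them naively produces conflicting facts; mapping both onto one
(hypothetical) taxonomy first yields a single consistent graph that answers
the who/what/where/when/why/how questions. Feed contents, the actor name
and the taxonomy are constructed for this example, not real intelligence.
"""
from collections import defaultdict

# Hypothetical canonical taxonomy: feed-specific term -> one agreed label.
TAXONOMY = {
    "phish": "T:phishing",
    "phishing": "T:phishing",
    "spear-phishing": "T:phishing",
    "c2": "I:command-and-control",
    "command and control": "I:command-and-control",
    "c&c": "I:command-and-control",
    "finance": "S:financial-services",
    "banking": "S:financial-services",
    "espionage": "M:espionage",
    "intelligence gathering": "M:espionage",
}

# Constructed sample feeds as (subject, predicate, object) triples.
FEED_A = [
    ("actor:OCTOPUS-7", "uses_technique", "spear-phishing"),
    ("actor:OCTOPUS-7", "uses_infrastructure", "c2"),
    ("actor:OCTOPUS-7", "targets_sector", "banking"),
    ("actor:OCTOPUS-7", "motive", "espionage"),
    ("actor:OCTOPUS-7", "active_during", "2021-Q3"),
]
FEED_B = [
    ("actor:OCTOPUS-7", "uses_technique", "phishing"),
    ("actor:OCTOPUS-7", "uses_infrastructure", "command and control"),
    ("actor:OCTOPUS-7", "targets_sector", "finance"),
    ("actor:OCTOPUS-7", "motive", "intelligence gathering"),
    ("actor:OCTOPUS-7", "active_during", "2021-Q3"),
]

# The introduction's six questions, keyed by the predicate that answers them
# ("who" is the subject of the triple itself).
QUESTION_FOR = {
    "uses_technique": "how",
    "uses_infrastructure": "what",
    "targets_sector": "where",
    "active_during": "when",
    "motive": "why",
}


def merge(*feeds, taxonomy=None):
    """Merge feeds into {(subject, predicate): set(objects)}.

    When a taxonomy is given, each object is normalised to its canonical
    label before insertion; unknown terms are kept verbatim.
    """
    graph = defaultdict(set)
    for feed in feeds:
        for subject, predicate, obj in feed:
            if taxonomy is not None:
                obj = taxonomy.get(obj.lower(), obj)
            graph[(subject, predicate)].add(obj)
    return graph


def conflicts(graph):
    """(subject, predicate) pairs that hold more than one value after merging."""
    return {key: sorted(values) for key, values in graph.items() if len(values) > 1}


def answer(graph, actor):
    """Answer who/what/where/when/why/how for one actor from the merged graph."""
    out = {"who": actor}
    for (subject, predicate), objs in graph.items():
        if subject == actor and predicate in QUESTION_FOR:
            out[QUESTION_FOR[predicate]] = sorted(objs)
    return out


if __name__ == "__main__":
    raw = merge(FEED_A, FEED_B)
    print("conflicts without a shared taxonomy:", conflicts(raw))
    normalised = merge(FEED_A, FEED_B, taxonomy=TAXONOMY)
    print("conflicts with a shared taxonomy:", conflicts(normalised))
    print(answer(normalised, "actor:OCTOPUS-7"))
```

Run as a script, the first merge reports four conflicting predicates (technique, infrastructure, sector and motive all carry two spellings of the same fact), the second reports none, and the final query returns one value per question. Real CTI feeds differ in far more than spelling, but the failure mode is the same: without an agreed vocabulary, two feeds describing one actor look like two actors or one contradictory one.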

Cyber-attacks take advantage of vulnerabilities, whether in software, in computing devices, or in the humans who manage and use them. An intelligence product based on Cyber Threat Intelligence must always contain two final elements, context and action; without both, intelligence on a threat is neither understandable nor actionable. Cyber Threat Intelligence services aid in tracking, analysing, interpreting, and mitigating continuously evolving cybersecurity threats and attacks (Kanakogi et al., 2021), and they manage the data required to combat cyber risks. The investigation, detection and remediation of harm are further hampered by the evolving patterns of cyber-attacks: despite the development and adoption of enhanced security measures for preventing, detecting, and disrupting potential attacks, attacks are becoming more dynamic, enabling the launch of complex adversarial campaigns (Li et al., 2020). It has therefore become even more pertinent to understand potential threats better in order to raise security levels, which in turn enables organizations to detect threats and exchange related information for their prevention. This practice of collecting and aggregating information on possible threats defines the scope of cyber threat intelligence; it helps organisations identify and understand the attacks at hand, expedites security operations, and drives and prioritizes the application of security controls (Mavroeidis & Bromander, 2021). The objectives of adopting an intelligence-driven approach include preventing successful attacks and being able to observe and define effective responses to incidents in cyberspace. CTI also focuses on gathering technical information about attacks for improved comprehension and attribution of the attack's Tactics, Techniques, and Procedures (TTPs), principal and motives.

This in turn enables proactive, responsive, and intelligence-led cyber resilience (Ramsdale et al., 2020). The goal of the intelligence also includes offering the most relevant information possible, providing evidence-based knowledge about existing or emerging threats. Relevancy, context, timeliness, accuracy, and workability are also crucial features of effective CTI (Mavroeidis & Bromander, 2021). To combat cyber threats, mitigation approaches are implemented on the basis of risk assessments, followed by the establishment of detection techniques to minimize the effect of attacks in a timely manner. Once a threat is detected, it must be contained and the necessary remediation applied (Veerasamy et al., 2019).
