Cobwebs Technologies – a global leader in Web Intelligence – sends letter to world technology leaders
Today, the array of threats posed to disrupt businesses only intensifies, while the systems and methods organizations use to assess the potential for trouble often fail to keep pace. The result is incomplete intelligence gathering, lack of visibility into the exact nature of threats, and increased risk exposure.
The current list of threats ranges from continuously evolving cyberattacks and business espionage to geopolitical instability and terrorism. Natural disasters, extreme weather, and the ongoing novel coronavirus pandemic compound matters. Threat actors, for example, have launched ransomware attacks against hospitals, knowing their vulnerability amid expanding patient caseloads due to COVID-19. Against this backdrop, corporate security personnel must safeguard senior executives, employees, intellectual property (IP), supply chains, and brand status, to name a few corporate assets.
It’s a daunting challenge. Lives, property, and corporate reputation are all at risk when an enterprise’s ability to properly evaluate and respond to threats is impaired. Indeed, many corporate risk mitigation approaches struggle to deal with the constantly shifting threat landscape.
Limits of current methods and tools
The problem stems, in part, from outmoded investigative methodologies. Organizations naturally settle on practices that have worked in the past. They may restrict their threat scanning to a limited number of social media platforms, for example. Such narrowly focused inquiries, however, fail to account for fast-moving changes in web-based platforms, forums, and chat groups. Users discouraged from posting inflammatory messages on one mainstream platform will frequently move to lesser-known, alternative platforms.
But the social media platforms — and their millions of users — found on the surface web are just the beginning. Corporate security teams must also keep tabs on information sources and repositories housed in the deep web and the dark web, neither of which is indexed by conventional search engines. Those web layers contain a multitude of data that could threaten a business. The dark web, in particular, harbors numerous sites and markets trafficking in login credentials, trade secrets, email addresses, credit card numbers, and tools for engaging in cyberattacks. Dark web forums, which suddenly surface and just as rapidly disappear, can also contain information relevant to a corporate security investigation.
In short, the organization still dependent on social media channels for threat assessment needs to broaden its horizons.
Another important weakness hampering corporate security: investigative tools with limited functionality. Threat intelligence platforms, offered by third-party service providers, serve as the default investigative systems for many corporate security operations. Such a platform is designed to alert a security analyst about a threat, but it doesn’t provide much assistance with vetting threats or creating an effective response.
In addition, relying on a single intelligence service provider limits an analyst’s ability to tap additional sources to validate a threat and determine its scope. Organizations that can’t readily determine the severity of a threat run the risk of overreacting and assigning too many resources to the response or, conversely, underestimating the threat and devoting too few. A disproportional response is the direct result of a one-dimensional notification. So, while a threat intelligence platform provides a useful service, it’s only one part of the threat identification and response toolkit.
What organizations need to run an investigation
An investigative platform should, ideally, cover all parts of the intelligence cycle, from planning and data collection to processing and analysis. A system that spans all those components, providing end-to-end automation, forges the critical linkage between notification and response.
Other platform qualities to consider include breadth of monitoring. Analysts should be able to define the scope of monitoring based on their own parameters, which could include geolocation data, hashtags, keywords (such as the names of executives, brands, or other corporate assets), and advanced Boolean operators. Monitoring should also cast the widest possible net across the surface web, deep web, and dark web, pulling in data from social media platforms, forums, and news sites, among other sources.
The wider the reach, the better organizations can protect their assets. Thorough monitoring can help determine whether threat actors are using the company’s brand for nefarious purposes on a dark website or transferring its intellectual property.