1.9 Relevant cyber threat intelligence information requirements for an organisation

Think of cyber threat intelligence like being the coach of a sports team. Just like a coach needs to know the other team's plays and strategies to win the game, organizations need to understand the cyber threats they might face so they can protect themselves. But not every team plays the same way, and not every organization faces the same threats. For example, a big company that makes medicines might worry about someone stealing their secret recipes, while a small online shop might be more concerned about tricksters trying to scam them.

To figure out what kind of cyber threats they need to watch out for, organizations go through a few steps:

How They Can Be Attacked

This involves understanding the ways in which an attack could happen, like through email scams or by breaking into their computer systems.

Assessing Vulnerability

This is like checking how strong your team's defense is. It might involve testing your own defenses (like a scrimmage game) to see where the weak spots are.

Understanding the Threat

This means figuring out what tricks or techniques the bad guys might use and which part of the organization they might target. It's like knowing whether the other team is good at scoring three-pointers or if they have a star player who's great at penalty kicks.

Let's look at some examples:

Viruses

Viruses are like sneaky plays that can steal information, damage reputations, or even damage equipment. They can sneak in through downloads or infected emails. Teams need to keep up with information about new viruses and have good defenses in place, like strong antivirus software.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

These attacks overload a website or network with too much traffic, making it impossible for legitimate users to get through. It's like fans of the opposing team blocking the entrance to the stadium so your fans can't get in. Teams need to keep an eye out for groups that might want to do this and have plans to manage the crowd.

Ransomware

This is when attackers block access to your files or computer systems and demand money to give back access. It's like someone stealing the playbook and asking for a ransom to return it. To defend against this, organizations might need to spy on the dark web (a hidden part of the internet) to see what tools the attackers are selling or using.

Phishing Attacks

These are like fake plays in sports - they trick you into thinking one thing while doing another. Attackers might send emails or texts pretending to be someone you trust to trick you into giving them information or clicking on a harmful link. Organizations need to teach their team how to spot these fake plays and also keep an eye out for new tricks, like fake websites that look like real ones.