Threat Intelligence – Why you should seriously evaluate the limitations.
As a vendor who specialises in building threat intelligence capabilities for businesses it wouldn’t be responsible of me to not touch on the limitations of such a capability during the initial sales pitch. Its all too easy to focus on the benefits (after all we want to get the sale, right?)
Providing a value through Cyber Threat Intelligence
We need to be fair and transparent, After all, we want to provide a service that will leave the client in a better place than when we started. We should do this before initial buy in in my opinion.
So having said that, below are what I consider to be some of the main limitations that you should consider discussing.
Unknown Unknowns
Life is full of surprises and sometimes we must be prepared for things to happen that we couldn’t predict, plan for or understand. Sometimes with the best planning, foresight and intelligence things just don’t pan out the way we want. We must accept this might happen.
Risk of Intelligence failures
Intelligence failures can happen at any stage of the Intelligence Lifecycle, in essence this can stem from not collecting the right stuff, failing to interpret and analyse all the way through to formulating the wrong hypotheses. The point here really, is it does and can happen. This could lead to the wrong decisions being made which could have a negative strategic consequence.
Data shelf life
Timely and actionable is key, having lots of data but not getting any use from it is quite pointless. Data can become out-dated very quickly and as such could be useless.
Capabilities and skillsets of the team
Sometimes the team isn’t up to the job. A balance of skills, experience and differing backgrounds is key to running a successful Cyber Threat Intelligence function. Acquiring the right skillset can be troublesome and expensive, keeping the right skillset can also be challenging.
Getting it wrong can also be expensive. As with all planning, real expectations need to be set that are firmly within the capabilities of the team.
Threat landscape evolves rapidly
Self-explanatory really, but in the cyber realm things move at an alarming rate! What is happening today quickly becomes yesterday’s data and as such may change your teams direction and priorities. Dealing with these changes, understanding how they may change the outcomes of your original planning is key to keeping things on track and still managing to gain success.
Setting real and clear expectations prior to the engagement will not only help you deliver a better service but will help you build a stronger rapport and trust with the client.
SMARTSEC can help you deliver an effective Cyber Threat intelligence function through proper planning and direction.