How threat intelligence can help small and medium sized businesses

The problem is... cyber crime just pays too well

Cyber crime, including ransomware and other forms of attack has become a booming global business for a few years now, its growing and it is not going away. Cybercrime is expected to cost the global economy ~$9.5 trillion in 2024, Ransomware alone is projected to generate $42 billion and this is anticipated to rise to $265 billion annually in the next seven years.

With profits like these the problem is only going to grow. Criminals are making too much easy money, with reports of lavish luxury cars, houses and holidays as well as extravagant prizes for team members coming up with the best money making scam ideas.

If you have not already been hit by cyber crime the chances are it’s just a matter of time until your defences are tested.

One of the main root causes of ransomware attacks are through the exploitations of vulnerabilities. Vulnerabilities are errors in software and hardware that allow threat actors to abuse them in some way. Unfortunately all complex code is likely to contain vulnerabilities no matter how much it is tested and code tends to become more complex over time. This year the number of reported vulnerabilities is expect to hit almost 35 thousand, an increase of 25% from the previous year.

The other main entry point for ransomware groups is using valid credentials, these can be credentials that have been stolen from 3rd party sites and have been re-used or from phishing attacks luring your users to login and provide usernames and passwords.  There are thriving illegal markets where these can be bought and sold., the kits used to steal credentials can also be purchased allowing easy access to non technical criminals.

While the story so far paints quite a bleak picture there are things we can do to make ourselves safer, while  with cyber security there is never an end goal or a level of maturity where you can put a big green tick on it and say we are secure, nothing will ever happen. That would be like saying no one will ever break into your house.  But we can put things in place to make it much more likely that they will move on to a much easier target, to paraphrase the old adage:

You don’t have to be the fastest, you just need to make sure you are not the slowest.

Criminals are the same as all of us, and will go for the low hanging fruit first. Over time they will start to look at the harder to reach fruit further up the tree and that is why cyber security is a journey and the sooner you start o secure your business the further ahead you will be..

How threat intelligence can help.

Particularly when you are starting out on your journey towards becoming more secure, it can be hard to know where to start, for smaller organisations that do not have significant budgets it can be difficult to know where to focus your limited resources.  Large organisations have large budgets, one of the key areas they spend money on is threat intelligence, this allows them to keep up with the latest threats and trends so they understand if there is an imminent risk that they need to address.

We mentioned earlier there will be 35000 vulnerabilities in 2024 alone, keeping up with these is an impossible task, using threat intelligence you can priorities the ones you know put you at risk or are being used by the ransomware groups so that you can focus on a much more manageable number. For example out of those 35000 only 239 have been seen to be actively exploited by ransomware groups so it makes sense to start with these.

Another growing trend is zero day exploits being used by these groups, these are often mass exploited as widely as possible before patches become available and used to install back doors allowing the attackers to get back in even after the system has been patched. If you know when these events are happening and what additional steps you need to take to see if you have already been compromised you can take action before an attacker can take advantage.

Threat intelligence can also help you understanding which security fundamentals you should focus on first to help level up your organisation, what to focus on right now to defeat the current tactics being used by the criminals attacking you.  One of the most valuable tools in your arsenal are your people, untrained they can be a liability, clicking on phishing emails and giving away their credentials.  Trained they can be your early warning system, identifying phishing campaigns so that you can take action and avoiding business email compromises that can cost you thousands.

Having intelligence that is easy to understand and drives action, is critical to to protect your company.