Episode Details

Cyber threat intelligence is a conceptual term with an international impact. Agencies around the world are racing to identify and stop cybercriminals from infecting and infiltrating networks to use our data against us. In this episode of No Password Required, Dr. Sagar Samtani, assistant professor of information systems and decision sciences at the University of South Florida, explains the cyber threat intelligence (CTI) life cycle and what you and/or your organization should do to help protect data assets and prevent cyberattacks.

Data is the prime target of many cybercriminals, yet what data they are searching depends on their goals. Are they scraping for social security numbers? Obtaining passwords? Collecting credit card numbers? Or worse? And why? It’s hard to imagine all the ways that data can be exploited.

Your data is widely available depending on where and how you store your data and whom you give permission to access that information. Personal choices, like having a smartphone, can be a gateway to someone collecting your data. Being on the grid with a social security number, health insurance, financial accounts, all these bits of information are housed somewhere, and cybercriminals know this. With the help of artificial intelligence (AI), cybercriminals are able to scrape data faster than ever before and with the launch of quantum machines, our security choices will be paramount to protecting our identity and data assets.

Cyber threat intelligence is helping individuals and industries protect themselves by understanding what is important, what are the exploits, and how to effectively respond. It is also helping to refine artificial intelligence algorithms to better assist in threat analytics. Dr. Samtani describes how industries are responding to industry-specific cybercrimes and developing response standards, protocols, and frameworks. He gives the example of the healthcare industry and HIPAA compliance as well as financial institutions and their evolving PCI compliance protocols. Understanding why a data asset is a target is a key facet to the cyber threat intelligence life cycle.

What are the Four Phases of Cyber Threat Intelligence?

1. Identify what assets you (an organization) possess that hold value, e.g., a social security number, and how to protect those assets
2. Data collection that is relevant to those critical cyber assets
3. Threat analytics – whether traditional or AI techniques are being utilized
4. Operational Intelligence – how is the compromised data actually used or exploited

Dr. Samtani explains there are two basic types of cyber threat intelligence analytics. First are the traditional threats, such as malware analysis. The second category is quickly changing as artificial intelligence evolves: data mining, text mining, and natural language processing based on pattern and techniques. Building systems that are designed to log and report data is crucial to discovering breaches and reporting them to prevent further penetration.

Once Data is Stolen, Where Does it Go?

Dr. Samtani discusses how hackers, cybercriminals, even geopolitical threat actors are using the data. He explains how the Dark Web is playing a role as a marketplace and toolbox for hackers. He details the four basic platforms--forums, Dark Web marketplaces, darknet carding shops, and internet relay chat--that cybercriminals use to complete their tasks and possibly grow their notoriety. Hacker behavior on the Dark Web is unlike traditional crime circuits where anonymity is preferred. There are tiers of hacker and they can use their screen names to build their reputation for monetization, credibility, and recognition. Artificial intelligence is being fine-tuned to help detect cybercriminals through intelligent predictions.

Security Protocols and the Danger of Oversharing

Individuals, organizations, developers, and even marketers p