Empirical Research

Adopting and integrating cyber-threat intelligence in a commercial organisation

Pages 35-51 | Received 14 Sep 2020, Accepted 07 Jun 2022, Published online: 11 Jul 2022
 

ABSTRACT

Cyber-attacks are increasingly perpetrated by organised, sophisticated and persistent entities such as crime syndicates and paramilitary forces. Even commercial firms that fully comply with industry “best practice” cyber security standards cannot cope with military-style cyber-attacks. We posit that the primary reason is the increasing asymmetry between the cyber-offensive capability of attackers and the cyber-defensive capability of commercial organisations. A key avenue to resolve this asymmetry is for organisations to leverage cyber-threat intelligence (CTI) to direct their cyber-defence. How can commercial organisations adopt and integrate CTI to routinely defend their information systems and resources from increasingly advanced cyber-attacks? There is limited know-how on how to package CTI to inform the practices of enterprise-wide stakeholders. This clinical research describes a practitioner-researcher’s experiences in directing a large multinational finance corporation to adopt and integrate CTI to transform cybersecurity-related practice and behaviour. The research contributes practical know-how on the organisational adoption and integration of CTI, enacted through the transformation of cybersecurity practice, and enterprise-wide implementation of a novel solution to package CTI for commercial contexts. The study illustrates the inputs, processes, and outputs in clinical research as a genre of action research.

Acknowledgments

We would like to acknowledge the thoughtful inputs and suggestions received from the reviewers and editorial team on this paper.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

1. The organisational context referenced in this paper is the first author’s personal reflections on his lived experience in his professional role spanning a number of organisations and does not reflect in any way the posture or position of any of the organisations involved.

2. A threat intelligence alert triggered by an external event (e.g., an attack on another financial organisation).

Additional information

Notes on contributors

James Kotsias

James Kotsias is the Director of Advantage Cyber. He holds a Master’s Degree in Information Systems from The University of Melbourne. He leads an offensive security and operations function, and advises long-term cyber security and threat strategy for a number of organizations. James also sits on the Cyber Executive Advisory Board at Deakin University, providing input to the Cyber Security Research and Innovation Center (CSRI) and its extended intelligent systems research. His current research interests are the expanding theater of cyber warfare, the evolution of corporate espionage, the weaponisation of defensive systems, and kinetic incident response structures. James bluescreened his first PC at the age of 7.

Atif Ahmad

Atif Ahmad is an Associate Professor at the University of Melbourne’s School of Computing & Information Systems where he serves as Deputy Director of the Academic Centre of Cyber Security Excellence. Atif leads a unique team of Cybersecurity Management researchers drawn from information systems, business administration, security intelligence, and information warfare. He has authored over 100 scholarly articles in cybersecurity management and received over AUD$5M in grant funding. Atif is an Associate Editor for the leading IT security journal, Computers & Security. He has previously served as a cybersecurity consultant for WorleyParsons, Pinkerton and SinclairKnightMerz. Atif is a Certified Protection Professional with the American Society for Industrial Security. For more information, please visit https://www.atifahmad.me/

Rens Scheepers

Rens Scheepers is a Professor in the Department of Information Systems and Business Analytics at Deakin University. He also serves as Director of the Business & Technology research theme at the Deakin Business School. His research focuses on how organisations can achieve and protect competitive advantages from the application of contemporary information and communication technologies and systems.