{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
One of the core objectives of threat intelligence is to put threat activity in context within the organization, within an industry, within a geography, and in comparison to other industries. Contextualizing helps answer the question: How serious is this threat to our business?
Contextualization is important to inform decision makers and other stakeholders about the nature of threat activity, the scale and scope of observed threat actor operations, the motivations driving threat actors, and a myriad of other factors such as geopolitical issues as well as advancements in technology and security practices.
These insights equip organizations with the necessary context for distinguishing a singular, innocuous incident from a broader breach or highly sophisticated and persistent threat to the organization involving a series of related occurrences.
Without sound threat intelligence, it’s impossible to respond quickly to breaches amid incomplete information. Threat intelligence has been an important foundation for response, remediation and communication strategies during and after an incident, as well as for recommendations on future efforts to improve a company’s cyber posture.
In July 2023, the SEC issued a new disclosure rule related to cybersecurity that applies to all SEC registrants reporting under the Securities Exchange Act of 1934. The rule requires timely disclosure of certain information about a cyber incident if the incident is determined to be material, beginning December 18, 2023.
To apply the securities law materiality standard in the context of a cyber incident, it is important that companies are prepared to conduct an objective analysis of both quantitative and qualitative factors, including evaluation of an incident’s impact and reasonably likely impacts. There’s often a high degree of judgment in making a materiality determination, and it can benefit from an informed and deliberative threat intelligence program.
Threat intelligence can enhance leaders’ confidence in determining materiality of a cyber incident. Specifically, threat intelligence can provide timely and accurate information on aspects of the threat landscape including technical indicators, threat actor techniques, threat actor motivation (espionage, financial) and in some cases, origin and sponsor. The CISO or CIO needs threat intelligence insights so they can escalate properly and promptly — in the right context — to the CFO, General Counsel, and disclosure committee. The CFO needs solid and judicious information to apply the materiality standard in a defensible manner. The General Counsel needs information that is properly qualified to help in making legal judgments about an event or incident. By properly qualified, we mean information that is provided within the context of what’s known, yet unknown, or still developing. Threat intelligence can contribute to a clear process and methodology to articulate and substantiate the analysis behind the materiality evaluation.
By investigating questions like the following, threat intelligence can help assess both quantitative and qualitative factors in determining materiality.
Click here for a handy reference on how threat intelligence can help when evaluating materiality of a cyber incident.
The new SEC cyber disclosure rule requires SEC registrants to comply with expanded disclosure requirements beginning with annual reports for fiscal years ending on or after December 15, 2023. These requirements will stress test how effectively organizations define and identify cyber risk and incidents in their environment, something that strong threat intelligence practices can support.
The specific requirements for risk management and strategy have two parts:
Here’s how you can quickly check how well you’re putting threat intelligence capabilities at the service of better cyber risk management and disclosures.
Threat intelligence can be a powerful resource for the CISO, CIO, CFO, General Counsel and disclosure committee. The strength and discipline of threat intelligence goes to the heart of making well informed decisions — both in the determination of the materiality of a particular cyber incident and in addressing a risk that the cyber strategy is meant to mitigate.