The cost of data breaches reached an all-time high this year, according to the Cost of Data Breach Report 2022 by research institute IBM. From major tech enterprises to public sector services like healthcare, no organisation is spared in the relentless onslaught of cyber attacks.
As the recent explosive growth of ransomware and supply chain threats demonstrates, cyber threats continue to evolve and impact societies. The expanding attack surface, driven by digital transformation and cloud adoption and accelerated by work from home, provides an increasingly target-rich environment.
The threat of cyber attacks is all the more concerning when taking into account the tendency of threat actors to work together. “The bad guys cooperate and share very well,” said Anthony Lim, Director of Strategic Alliances, Centre for Strategic Cyberspace + International Studies, Southeast Asia and Australasia. He went on to explain that these actors often consult the dark web when they are trying to hack or infiltrate an organisation’s IT system. He was speaking at GovInsider’s flagship summit AI X GOV held in April this year.
In the face of these threats, government agencies, ministries of defence and critical infrastructure organisations will need to shift their focus from cyber security to cyber resilience, says Joep Gommers, Founder and CEO of threat intelligence firm EclecticIQ. And much like how threat actors collaborate for nefarious purposes, these stakeholders too will need to collaborate to guard against them.
GovInsider speaks with Gommers to understand the challenges involved in boosting cyber resilience, and what it will take to overcome them.
1. What are some of the main security vulnerabilities hindering cyber resilience in government agencies today?
You can only defend against what you understand. Continuously monitoring the threat landscape and adjusting national defence accordingly is the foundation for any threat-informed defence posture.
Intelligence sharing and exchange is key to doing so, and by extension, to unlocking more effective cyber resilience. We have to ensure that one government’s reactive efforts to an incident or a threat can become the proactive stance of another government.
2. How does EclecticIQ support nations in their collaboration efforts?
We support national cyber authorities like National Cyber Security Centre and government Computer Emergency Response Teams (CERTs) in their mission to act as a nation’s single-point-of-contact on cyber threats. We do so by helping them to produce actionable intelligence and disseminating it to their critical infrastructure constituency, with the aim of protecting citizens’ personal data and defending digital networks.
When it comes to collaboration, EclecticIQ has a Threat Intelligence Platform which empowers CERTs to establish a national threat sharing community. Through this, they can establish an early warning system that helps improve cyber situational awareness and better detect active threats.
For example, we’ve supported the National CERT of an EU member state government to implement a Threat Intelligence Platform architecture for threat data sharing and collaboration with other national government agencies. This allows them to get information about active cyber threats and improve their situational awareness. With these resources, they will then have the ability to better respond to any threats, boosting their cyber resilience.
3. Tell me more about this Threat Intelligence Platform. How exactly can it help governments improve their cyber resilience?
Our years of experience working with some of the targeted organisations in the world have helped us develop a platform that:
- Can scale and perform as the appetite for data of organisations grows, even when deployed on-premises within the high-security environments of government organisations
- Is TTP-based (Tactics, Techniques, Procedures) to counter the diminishing return of indicators of compromise, and to be able to handle future hunting and detection content
- Is API-first, to ensure threat intelligence can be integrated deep into any cyber security stack without creating siloed security controls
- Is collaborative at heart, comprising unique features like workspaces and support for advanced Hub-and-Spoke federated architectures, to ensure organisations do not face the same threats in isolation
We’re also preparing to launch an Extended Detection and Response (XDR) solution next year to address the key challenges involved in turning threat intelligence into business outcomes, so do look forward to that!
Keen to find out more about EclecticIQ’s Threat Intelligence Platform, and upcoming XDR solution? Hear from them at GovWare 2022, Booth B17.