Live Threat Map
getty
I recently spoke with John Grim, the Director of Cyber Threat Intelligence at Experian. John has 25 years of experience in threat intelligence, investigative response, and digital forensics, and is a former US Marine Corps reservist and US Army soldier. John shared his expertise in threat intelligence, cyber accountability, and continuous compliance.
Tell about your background and your work in security and compliance
According to John, every day is different, and his work relies on a process framework for intelligence, specifically planning, collection, processing, analysis, dissemination, and feedback.
“Cybersecurity and cyber intelligence are all part of the same process to drive better threat understanding, and in turn, build a better defense. We seek to understand our most likely as well as most dangerous adversaries through our intelligence collection, enrichment, and analysis to better prepare our cyber-defenses in the form of mitigations, detections, and response,” he says.
In the end, the goal of working with cyber threat intelligence is to understand the threat and the countermeasures needed to protect the organization.
How do you deal with the stress and the fact that you have to get it right all the time, while the bad guys only have to get it right once?
John stresses the importance of leaning forward and remaining positive. For him, cybersecurity is a constant learning process; keeping abreast with what is happening in terms of threats, analyzing publicly disclosed breaches and benchmark reports, as well as understanding how threat operators operate, how they have seen success, and applying that knowledge to the organization’s cyber-defense posture.
Let’s talk about the Board and C-suite levels within government and intelligence. What is your view on cyber accountability, the risk surface, and geopolitical risks?
John explained that it is necessary adopt a holistic approach when looking at threat actors and the threat landscape they operate within. By understanding those threats, organizations will be better equipped to communicate the threat to the board or C-Level and enable threat-informed decision-making to counter the threat and minimize cyber risk.
John outlined the steps in achieving cyber accountability:
- Move the organization from a reactive to a more proactive approach by embracing a threat-informed defense.
- Adopt a cybersecurity framework. There are various frameworks to choose from, pick one and make it a part of everyday cybersecurity operations and culture.
- Have an incident response plan and playbooks in place to tackle the most likely and most dangerous threat courses of actions.
- Keep the threat actor outside of your perimeter: monitor the deep-dark web and open-source intelligence; review cybersecurity and cyber threat intelligence community reporting; and tune in to, and learn from, organizations such as the Global Advisory Board about the cyber threat to reduce their impact to your environment.
- And remember—people are the key to success! Technology and tools come and go, but people are integral to cybersecurity consistency and cyber risk reduction. Get the right people on board, train them, motivate them, and keep them focused on the tasks at-hand. Make sure you retain those people—challenge them, cross-train them, and let them grow.
In general, continuously improve your security while keeping governance, risk and compliance in mind.
What value does a platform like VigiTrust Global Advisory Board add to the community?
John describes the VigiTrust Global Advisory Board as a fantastic opportunity to share knowledge with industry experts and learn from each other.
“Sharing knowledge is essential, especially when it comes to the threat actors and cybersecurity,” he says. The Global Advisory Board is well placed to keep up with developments in cybersecurity, governance, compliance, intelligence, response, and overall cyber awareness.
What are your views on continuous compliance programs and technology solutions?
According to John, the key word is continuous. Keep security programs and solutions up to date, establish a baseline and then milestones to the next level, continually re-evaluate and update them. After all, the threat is ever-changing; technology is, too.
He describes a framework merely as a guide in a constantly changing landscape, so think outside-the-box to protect what’s inside the box. Keep the framework in mind but remember it’s just a guide. Adjust to change, as necessary. Threat actors do. Rarely do they follow the same patterns from attack to attack. Tools come and go as well, so it is important to constantly review, re-configure, and replace as necessary.
Finally, do not let the process get in the way of progress. While it is paramount to have a process, whether it is a cyber threat intelligence process or an incident response process or otherwise, treat your processes just like your framework. Adjust to the current situation: focus on the threat and its capabilities. Do not just go through the established process by simply checking the boxes.
Read the full article here