Cyber Intelligence Report Q3 2015

Cyber Intelligence Report

A SPECIAL REPORT FROM THE EDITORS AT CYBERSECURITY VENTURES

Q3 2015

The Cyber Intelligence Report provides OSINT and cyber intelligence trends, statistics, best practices, and resources for chief information security officers (CISOs) and IT security staff.

OSINT / CYBER INTELLIGENCE

Open source intelligence is a “must-have” solution for corporate security staffs.

Sponsored by Silobreaker, provider of cyber threat intelligence solutions for CSOs, CISOs, cyber-responders, C-level executives, and corporate stakeholders.

  • The threat intelligence security market size is expected to grow from $3 billion in 2015 to $5.8 billion + by 2020, at a Compound Annual Growth Rate (CAGR) of 14.3 percent from 2015 to 2020, according to Research and Markets.
  • According to research from IDC, worldwide threat intelligence security services spending will increase from $905.5 million in 2014 to more than $1.4 billion in 2018.
  • ”Dark Reading’s 2014 Threat Intelligence Survey” reveals that 66 percent of respondents say they use threat intelligence regularly to guide IT security strategies, with 60 percent of those security pros saying it plays a vital role, even shaping their entire security strategies.
  • Forrester Research states that Investors are eager to capitalize on the strong demand for CTI solutions and services: Since October 2014, Cyberthreat Intelligence (CTI) vendors have raised $102.5 million (USD), and there have been three acquisitions. The vendor landscape is overwhelming, and security and risk pros must separate fact from hype when it comes to investing in CTI offerings, according to Forrester.

Why cyber should not be limited to cyber – a ‘must read’ for CIOs and CISOs

  • By 2017, 75 percent of large enterprises will receive custom threat intelligence information tailored to their industry, company, brand, and environment, according to IDC.
  • Samuel Culpepper III, a former U.S. military and contract intelligence analyst, a combat veteran, and executive editor of Forward Observer Magazine, summed up OSINT in a Guerillamerica blog post stating “Open Source Intelligence (OSINT) information makes up 80-90 percent of all intelligence information because there are so many sources and collectors. Every website, news report, magazine article, and speech produces OSINT information. A good intelligence analyst doesn’t have to know everything, he just has to know where to find it. The entire internet is our intelligence repository.”
  • “As intelligence agencies spend billions of dollars on covert programs that sweep up private data, they’re neglecting … open-source research… some former intelligence officials say” according to an article in the Pittsburgh Times. “Some answers that spies hunt are broadcast on blogs, not stashed on hidden flash drives”.
  • “A good OSINT platform used by skilled cybersecurity analysts is a must-have solution for corporate enterprises who need to defend themselves against against a growing community of cyber outlaws and evildoers” says Steve Morgan, Editor-In-Chief of the Cybersecurity Market Report. “An OSINT app will cull data from blogs, newsfeeds, social media, and even temporary websites on the dark web… and the OSINT app will also keep up on new data sources. CISOs should not be asking “Why use OSINT?” They should be asking “Why NOT use OSINT?” If a corporate IT staff is not using OSINT directly, then they should be using a commercial cyber threat intelligence platform that does.”
  • “Many emerging intelligence needs are not addressed by the offerings of the traditional IT security industry. Assessing a company’s reputation and how it may prompt attacks, understanding the motivations and beliefs of a threat actor, and discovering how a geopolitical event triggers the use of a new attack type promoted on social media all require access to and analysis of non-technical data that IT or product companies don’t provide. There is a full spectrum of information that is being overlooked. Making sense of data from publicly available sources is as relevant for cyber security as it is for other purposes but can only be managed effectively with the right tools and processes” said Kristofer Mansson, Silobreaker CEO.
  • The dark web – which is not indexed by search engines – is a cybercriminal hangout. Some OSINT tools can help keep an eye on the hackers-for-hire, spam and phishing campaigns-for-hire, malware and vulnerabilities-for-sale, stolen intellectual property, cyber investigators-for-hire (competitors who could be watching you), cyber insiders-for-hire (perhaps even inside your own company), hacktivist forums that talk about things like new DDoS attacks about to launch, and more.
  • Strategic cyber intelligence will play a crucial role in defending private companies and government sectors by providing the necessary intelligence to prevent potential incidents that could cripple our security as well as our economy, according to the Intelligence and National Security Alliance (INSA) Cyber Intelligence Task Force.

Join the Cybersecurity Ventures Newsletter to stay on the cutting edge.

grayfooterline

stevemorgan31CYBERSECURITY VENTURES

Steven C. Morgan, Editor-In-Chief

Steve Morgan

    is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve writes the weekly Cybersecurity Business Report for IDG’s CSO, and he is a contributing writer for several business, technology, and cybersecurity media properties.

© 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.