Freely subscribe to our NEWSLETTER

© Emelyanov

The guide is written for organisations in both the public and private sectors, and covers the different levels of cyber threat intelligence: operational, tactical, and strategic, and possible sources of intelligence, such as atomic indicators of compromise (IOCs), social media, the dark and deep web, internal sources, publications and information sharing platforms.

Written and peer reviewed by members of CREST Threat Intelligence Professionals (CTIPs) group, the guide delivers an introduction to Cyber Threat Intelligence.

The 18-page guide provides accessible advice on the theory and practice of CTI products and services, outlining key concepts and principles underpinning CTI, along with the ways organisations can use the tool to predict, prevent, detect and respond to potential cyber security threats and reduce cyber risk.

Rob Dartnall, Chair of CREST’s UK Council and vice chair of the CTIPs group says: “Studies indicate the value of the CTI market has effectively doubled from US$5.5bn in 2019 to $11.6bn in 2021, with estimates for 2027 as high as $20.2bn. It was time to update the guide in light of increasing interest in this methodology. This updated guide is intended to inform a broad information security audience, including those with and without previous experience and understanding of cyber threat intelligence as a discipline.
“We hope it will help a wide variety of readers understand the principles of CTI, the three levels of intelligence and different types of intelligence sources. It will also help those concerned with managing and mitigating cyber risk appreciate how cyber threat intelligence can be used, and better understand changes in the practice since the initial guide. We also provide some insight into what is next for CTI.”

Rob adds: “In recent years, the ever-increasing threat of cyber crime has seen cyber security shift from a routine IT task to a critical business strategy. And an element of that strategy needs to be better use of intelligence.
“As part of a wider organisational cyber security strategy, CTI can be used to identify patterns and trends that might indicate impending attack. So, CTI helps organisations prepare their defences before attacks can even occur.
“Without using intelligence, organisations might defend against too little, due to not understanding the threats they face. Equally, trying to defend against all potential threats is an overwhelming and unsustainable approach.
“What CTI does is help understand threats in order to protect against them. This Guide, we hope, goes a long way to ensuring organisations are fully conversant with the practice of CTI - and what the future holds.”

In terms of what’s next, the guide discusses market growth, the rise of automation and the increasing accessibility of open-source platforms which help organisations establish their own CTI function and processes, where they would otherwise lack the resources to engage with a dedicated provider.

As Rob Dartnall says: “Increasing emphasis on transparency and sharing of intelligence have contributed to the notion of CTI as a public good. This has been driven by the increasing threat to supply chains and the interconnectedness of technology stacks.

“These shifts are resulting in better sharing of intelligence and capabilities from more mature to less mature entities, on the basis that rising security standards are a net benefit.”

CREST aims to keep members and interested parties abreast of current cyber security issues, with a rolling programme of new guides and guide updates.

The free Guide is now available to download via https://www.crest-approved.org/wp-content/uploads/2024/04/What-is-CTIHow-is-it-used_2024.pdf

About CREST
CREST is an international not-for-profit, membership body that represents the global cyber
security industry. CREST has over 300 accredited member companies and certifies
thousands of professionals across the globe. CREST is working with governments,
regulators, academia, training partners, professional bodies and many other
stakeholders to build and raise standards in the global cyber security industry.