Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsManagementCyber Tactics ColumnSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business Resilience

Cyber Tactics

2023: The year for contextual cyber threat intelligence

Learn how to build a cyber defense strategy built on intelligence.

By John McClurg
Cyber tactics

putilich / iStock / Getty Images Plus via Getty Images

cyber tactics
Cyber tactics
cyber tactics
January 9, 2023

It seems like we each have very different tastes when it comes to the books we read, the shows we watch, or the podcasts to which we listen. But media consumption studies reveal that most of us have at least one thing in common: we love a good whodunnit story. It may be the challenge: Can we follow the clues investigators come across, identifying and stopping the criminal before they strike again?

I understand this fascination, this race against the clock, because in the early part of my career, I led investigative teams at the Federal Bureau of Investigation (FBI) and Central Intelligence Agency (CIA) and served on one of the nation’s first Joint Terrorism Task Forces.

I can’t imagine successfully protecting the people, processes and assets for which I was responsible or apprehending the threat actors posed against them without having access to insights on how and why these interests were at risk. I feel the same way today as a chief information security officer (CISO) navigating the cyber threat landscape that currently challenges us. I still believe the ability to advance a successful cyber defense strategy is predicated on access to the right kinds of cyber threat intelligence (CTI).


WHY CYBER THREAT INTELLIGENCE MATTERS

Cyberattacks are no longer just about the malware. Clearly, while malicious code is the tool a threat actor uses against our organizations, when it, like any tool, ceases to serve its purpose, the adversaries will discard it and try another — and another — until they find the right one for the job. Stopping the malware, the tool being utilized at a particular moment, may not stop the threat, and that is why the phrase “whack-a-mole” has meaning for most of us. To break that cycle, security leaders need to understand who is behind an attack and what they are trying to achieve.

I heard this explained quite well recently on a LinkedIn Live broadcast featuring BlackBerry’s Vice President of Threat Research and Intelligence, Ismael Valenzuela.

“You may not think you need to know whether an attack is coming from — let’s say Russia or China. But we want to know that, and actually, it adds context. That information alone may not seem that helpful — unless you were a three-letter agency or working in law enforcement. You’re not going to prosecute anybody, right? But the reality is that knowing who’s behind an attack helps you to understand their motivation.

At the end of the day, we’re dealing with humans. If we reduce it to just the malware, you’re removing the human aspect, the geopolitical aspect, and the economic or military factors that drive somebody to launch an attack against an organization,” said Valenzuela.

Another way to look at the value of contextual CTI is to consider the following: threat actors often have specific working hours just like we do. They make to-do lists; they have goals they are trying to achieve and even profit targets to hit. And quite frankly, it helps tremendously to know if certain threat actors — often with access to specific tools, techniques and procedures (TTPs) — have your company, your region or your industry vertical on their list of targets.

Knowing and applying this information can help you improve your defenses and resilience against certain “more likely” TTPs.


THREE THINGS TO LOOK FOR IN CTI

Many organizations that understand the importance of CTI depend on some sort of threat intelligence subscription service. If you are looking to adopt the power of CTI in 2023, here are three things for which I suggest you look:

  1. Ask for a sample CTI report. The data should be actionable and help you bridge the gap between threat research and business decision-making.
  2. Ask how much context the CTI provider will provide. Does it track threats by industry vertical and other factors? This kind of detailed information is crucial to aligning your defenses against likely attacks.
  3. Ask potential CTI providers if their threat research team is global. If yes, that’s a major plus, because intelligence analysts based in multiple countries can track geopolitical nuances and threat actor actions that might otherwise be missed.


FINAL THOUGHTS

Think about the sales teams of your organization for just a moment. Chances are they have some sort of competitive intelligence. They know what the competing sales teams are saying on social media and how those companies are positioning themselves in the market. Learning about these behaviors and motivations can help sales teams counter competitive threats and make more strategic, data-driven business decisions.

Through cyber threat intelligence, CISOs have the same opportunity when it comes to the threat actors we face.

Cybersecurity should be more than a whodunnit. Ideally, it’s a who might do it — and a potential roadmap for how to prevent the crime from occurring in the first place.

KEYWORDS: cyber security information security risk management security vulnerabilities threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John mcclurg

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber security

    Reflections on 35 years in the trenches

    See More
  • Cyber

    Have we declared “open season” on CISOs?

    See More
  • Outsourcing Data: Don't Take a Fairytale Approach

    The Importance of Effective Correlation for Threat Intelligence Users

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing