A security analyst once told me that he feared late-night “doom scrolling” of news and social media by a company executive. He was certain that this type of casual, after-hours web surfing would result in the executive coming across a warning of the next big vulnerability, and that the executive would then fire off a link to the security team, without any context, asking if this is something they should be worried about.
Over the past few years we’ve seen a trend emerge, with “celebrity vulnerabilities” gaining quick notoriety and then being overshadowed by another one. This fast-changing spotlight from one vulnerability to another creates confusion and overwhelms security teams who have to keep reshuffling priorities. Unfortunately, going from one celebrity vulnerability to the next is not an effective way to stay out of harm's way. Once a vulnerability is identified, criminal organizations will pull out all the stops to find ways to rack up their victims list. This was the case with MOVEit File Transfer (CVE-2023-34362), where third-party firms were saying the number of companies exposed was around 500. The Cl0p ransomware group, which was behind the MOVEit attacks, had posted information on about 300 victims on its dedicated leak site within two months.
In the three months since the MOVEit vulnerability was identified and scored by the NVD, many more vulnerabilities have been published, a number of them with high severities. This keeps defenders on their toes and in a constant state of not only trying to prioritize their workload, but also keeping the leadership teams up to date during the process of remediation.
Threat intelligence teams have a lot on their minds, and educating the leadership team is one of their most important duties. Keeping business leaders well informed of how adversaries could potentially target their organization is a huge step in bringing CTI from the basement to the executive suite. Understanding the potential financial burden to their organization and the impact on the brand is crucial for threat intelligence and security leaders. In other words, knowing what criteria will drive the executive team’s decision making can guide security teams in how to craft their message and report to the C-suite.
Ultimately, having a data-driven report of their findings and analysis is an important component of informing executives. Cybersixgill aids threat intelligence teams by giving a complete picture of exposures, how they’re being exploited in the wild, and how they are impacting other organizations in their industry. Our comprehensive, contextual threat intelligence empowers analysts to share relevant information with business leaders and make better, more-informed decisions on how to best protect themselves.