
BoD and C-Level Introduction Series: Cybersecurity Strategy Needs Both IOT and IOC to detect Cyber-risks

I know what you must be thinking: please, not another Internet of Things (IoT) article. This IOT refers to “Indicators of Threat”, and your Cybersecurity Strategy needs policies and practices for both: IOT to proactively identify risks, and Indicators of Compromise (IOC) to reactively identify risks, as part of your Threat Intelligence efforts. IOC has received considerable media coverage, largely because it is frequently associated with a successful cyber-attack. For example, the SolarWinds software supply chain compromise and the Log4j vulnerability both led to successful cyber-attacks whose footprints are detectable through network monitoring and log analysis, using published indicators of compromise and proper detection tools. The problem with IOC is that it is a reactive detection method: an IOC match tells you that you are already a victim of cyber-crime and that your response and recovery plans need to be initiated. IOT policies and practices are proactive; they are designed to prevent you from becoming a victim in the first place. It is far less costly and disruptive to a business if IOT practices stop harmful software from taking root in your digital ecosystem, while your IOC tools are “watching your back” for anything that gets through.

There are numerous articles available online that explain IOC policies and practices, but far fewer that describe IOT policies and practices. This article aims to help BoD and C-Level executives understand the goals and objectives of IOT, along with some effective IOT practices.

Threat Intelligence is the umbrella phrase that covers both IOT and IOC policies and practices. No Cybersecurity Strategy is complete without effective Threat Intelligence practices. Some IOT practices and tools have been used effectively for many years, for example:

  • Malware scanning tools (e.g., ransomware, crypto-mining and virus detection tools)
  • Vulnerability scanning (e.g., searching for known vulnerabilities listed in the NIST National Vulnerability Database, NVD)
  • Penetration testing
  • Firewall rules
  • Threat Hunting
  • And many more …

Each of these practices shares one common goal: proactively detect risk and prevent harm to a Company’s digital ecosystem, harm that can result in business disruption and expensive, labor-intensive recovery efforts. Some of these IOT tools and practices must constantly evolve in order to adapt to new or changing threats. Some cyber-threats were first detected “after the fact” using IOC techniques, and that experience led to the development of IOT practices and tools intended to detect the same class of threat proactively. For example, the SolarWinds software supply chain attack led to the development of IOT practices for detecting software supply chain risk before any attempt to purchase or install a software component.
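To make the proactive/reactive distinction concrete, the following is an added example, not code from the original article or from any product it mentions. It puts an IOC check (matching already-observed log activity against known indicators) next to an IOT check (a gate that refuses to install a software component whose digest or version is not acceptable). Every indicator, log line, component name (“examplelib”), version and pinned digest is constructed for illustration; in practice the indicators come from a threat-intelligence feed and the pinned digests and vulnerable-version data from the vendor and the NVD.

```python
"""Added example: an IOC check (reactive) beside an IOT check (proactive).

All indicators, log lines and package data here are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass

# ---- IOC side: reactive matching of observed activity against known indicators ----

# Constructed indicators of compromise (a real set comes from a threat-intel feed).
MALICIOUS_PAYLOAD = b"constructed malicious payload"
IOC_DOMAINS = {"update.malicious.example", "c2.beacon.example"}
IOC_SHA256 = {hashlib.sha256(MALICIOUS_PAYLOAD).hexdigest()}

# Constructed DNS/EDR log lines in an assumed key=value layout.
SAMPLE_LOGS = [
    "ts=2024-01-10T09:00:01Z host=ws-17 event=dns query=www.example.org",
    "ts=2024-01-10T09:00:07Z host=ws-17 event=dns query=update.malicious.example",
    "ts=2024-01-10T09:00:09Z host=srv-02 event=file_create sha256="
    + hashlib.sha256(MALICIOUS_PAYLOAD).hexdigest(),
    "ts=2024-01-10T09:00:12Z host=ws-21 event=dns query=cdn.example.net",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line: str) -> dict:
    """Split an assumed key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def ioc_matches(lines) -> list:
    """Return (host, indicator) for each line that contains a known IOC.

    This fires after the fact by definition: the DNS lookup or file write
    in the log has already happened, so a hit means response, not prevention.
    """
    hits = []
    for line in lines:
        fields = parse_log_line(line)
        query = fields.get("query")
        digest = fields.get("sha256")
        if query in IOC_DOMAINS:
            hits.append((fields["host"], query))
        if digest in IOC_SHA256:
            hits.append((fields["host"], digest))
    return hits


# ---- IOT side: proactive gate run before a component is installed ----

@dataclass(frozen=True)
class Artifact:
    name: str
    version: str
    content: bytes


# Constructed publisher-pinned digests and known-vulnerable versions for a
# hypothetical component; in practice these come from the vendor and the NVD.
PINNED_SHA256 = {
    ("examplelib", "3.2.0"): hashlib.sha256(b"examplelib-3.2.0 release").hexdigest(),
}
KNOWN_VULNERABLE = {("examplelib", "3.1.0")}


def preinstall_check(artifact: Artifact) -> list:
    """Return the reasons to refuse installation; an empty list means the gate passes."""
    reasons = []
    key = (artifact.name, artifact.version)
    if key in KNOWN_VULNERABLE:
        reasons.append("version has a published vulnerability")
    expected = PINNED_SHA256.get(key)
    actual = hashlib.sha256(artifact.content).hexdigest()
    if expected is None:
        reasons.append("no pinned digest for this release")
    elif actual != expected:
        reasons.append("digest does not match the publisher's pinned value")
    return reasons


if __name__ == "__main__":
    for host, indicator in ioc_matches(SAMPLE_LOGS):
        print(f"IOC hit on {host}: {indicator}")
    candidate = Artifact("examplelib", "3.2.0", b"examplelib-3.2.0 release with implant")
    print("pre-install gate:", preinstall_check(candidate) or "pass")
```

The two checks consume the same kind of data (hashes and names) but sit at opposite ends of the timeline: `ioc_matches` reads history and can only confirm that something already ran, while `preinstall_check` runs before the artifact is admitted. One caveat a practitioner should keep in mind is that a pinned digest only helps if it is obtained through a channel the attacker does not control; if the publisher's own build pipeline is compromised, the published digest will match the tampered build, so digest pinning is one IOT control among several rather than a complete answer to supply chain risk.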

In summary, BoD members and C-Level executives can use this understanding of IOC and IOT concepts to evaluate an organization’s Cybersecurity Strategy with regard to its Threat Intelligence policies and practices for both IOC and IOT. They are two sides of the same coin operating in a symbiotic relationship: IOT is proactive, IOC is reactive, and both are needed for a complete and effective Threat Intelligence capability.