For public and private sector security professionals, the term threat intelligence is often synonymous with detecting and mitigating cyber attacks like malware and phishing.
But alongside cyber attacks, online data is becoming more relevant for investigating cyber-enabled threats and physical security risks. Threat intelligence tools must integrate data from each of these risk areas for a holistic security solution, especially when they overlap.
Cyber, cyber-enabled, and physical threat intelligence provide valuable context to each other as the threat landscape becomes more complex. When threat intelligence strategies focus only on cyber, they can overlook critical context and result in avoidable damage to digital assets and an organization’s personnel, customers, and physical infrastructure.
What does this risk overlap look like, and how can security teams benefit from a more integrated approach?
Where some approaches fall short
Threat actors are seldom active in one distinct webspace, such as the dark web. Breadcrumbs typically span the surface, deep, and dark web, and digital security personnel must consider open-source intelligence across a variety of these sources to gather context and respond appropriately.
This is not only true for detecting cybercrime, which targets computer systems. It’s also valuable for physical security and investigating cyber-enabled crimes (which use the web to commit offenses like fraud or theft) as adversaries adopt digital communications.
For example, imagine that a photo of your organization’s ID badge, infrastructure map, or SOC room is posted on a social network. This information could be used to weaken physical access control. In the wrong hands, it could also give cyber attackers the information they need to compromise a digital system or support a social engineering strategy. Security teams need to know when this information hits the web and where it migrates.
Even though online risks involve both digital and physical concerns, security strategies often fail to integrate these use cases.
Digital and physical security teams may be siloed in their approach and communications, and protocols can get fuzzy when digital and physical risks are interconnected. Threat intelligence tooling, while valuable for cyber defense, can be inaccessible for less technical users investigating cyber-enabled crimes or physical security compromises.
Some data sources, such as obscure social media platforms or messaging apps, are also necessary for these use cases but often lack coverage from commercial threat intelligence vendors. This could force analysts to overlook or manually investigate these sources, costing valuable time and resources.
Addressing an integrated threat landscape
When strategies and tooling do not address the integrated nature of cyber and physical security, threats can be missed and intelligence may lack the context necessary for timely and informed response. This could mean not only facing millions in damages, system downtime, and compliance fines but also compromising the safety of your most valuable assets—people.
A more holistic approach can help break down the silos between security teams' focus areas, as cyber threat intelligence informs other use cases and vice versa.
What does this look like?
It might start with revisiting, at a high level, how security teams organize and communicate within your organization, and whether a divided approach creates functional gaps in your strategy. But it can also come down to threat intelligence tooling and data source selection.
Security managers should consider what online sources support both digital and physical threat intelligence gathering, and how to integrate any missing sources into their toolkit. There’s also the accessibility factor: are your tools usable for less technical personnel who still need access to online threat intelligence?
Integrated teams deliver better outcomes
Integrating physical and digital threat intelligence has a number of positive outcomes for your security posture. Your security teams and software will likely deliver more timely and contextual threat intelligence for cyber, cyber-enabled, and physical scenarios when they inevitably overlap. This added context can support faster, better-informed response strategies and help organizations allocate security resources more effectively. This puts you in a better position to avoid, or at the very least minimize, harm to your data, infrastructure, and stakeholders.
A comprehensive security solution, whether it’s in the public or private sector, requires access to both physical and digital threat intelligence. Integrating the teams, data sources, and tooling required for these overlapping use cases will help organizations respond more effectively to a diversifying threat landscape.
It will also help minimize costs and reputation damage associated with these threats—and most importantly, protect the people and assets most vulnerable.