What you need to know about the threat intelligence updates to ISO 27002

In February 2022 an updated version of the information security standard ISO 27002:2022 was released by the International Organisation for Standardisation (ISO), with an updated version of ISO 27001 expected later this year.

The ISO 27k standards are best practices that are internationally agreed upon by experts and provide the requirements for certified information security management systems (ISMS).

The standards enable organisations of any kind to manage the security of their assets such as intellectual property, financial details, employee information or third party data.

ISO 27002 defines how each requirement should be implemented and how organisations can best leverage the standards once they’re in place. The recent update, the first since 2013, has seen 12 completely new controls added, including the need for threat intelligence.

This update to the standard highlights the importance of threat intelligence for your organisation’s security management.

5 reasons for the increased importance of threat intelligence

There has been increased interest in threat intelligence by security teams in recent years and it’s fast becoming an integral component of every organisation’s security efforts. It comes as no surprise that certification programs such as ISO are adding it to their requirements.

1. Increases in cyber crime

Australia is seeing an increase in cyber crime; The Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports in the 2020–21 financial year – a 13% increase from the previous year that equated to one report every 8 minutes. IBM and The Ponemon Institute reported that in 2021 data breach costs rose from US$3.86 million to US$4.24 million; across the Asia Pacific region they increased by an average of 12%.

2. Average detection times

Worryingly, the average time to detect and contain a data breach in Australia was 311 days – more than a week longer than the previous year, which indicates security threats becoming more complicated. Unfortunately, the longer a breach goes on the more damaging it is, so the earlier it’s detected, the lower the damage.

3. The COVID-19 environment

The shift to remote and hybrid work during the COVID-19 pandemic has increased expensive data breaches, with Australian companies with more than 50% remote workers taking longer to identify data breaches. This is partly due to hastily erected remote access and cloud hosted solutions, where security was not an important factor as much as getting a business capability working

4. Alert fatigue for Security Operations Centres (SOCs)

The number of alerts that a SOC receives far outstrips their resourcing and the risk of missing something important keeps increasing. Threat intelligence can cut through the alerts to deliver actionable intelligence with low false positive rates.

5. Information overload

There is so much information out there about threat actors, data breaches, vulnerabilities and exploits that it is hard for a security analyst to keep up with it. Threat intelligence can help curate this content for your team, so they can focus on what is important.

What you need to know about the threat intelligence updates to ISO 27002

The update to ISO 27002 has seen new controls added, such as threat intelligence, ICT readiness for business continuity, data leakage prevention, monitoring activities, secure coding and more.

This not only standardises the need for threat intelligence but will also inform the implementation of some of the other controls that make up ISO 27002.

Threat intelligence helps you become intelligence-led in the planning and operation of your security capability. By understanding the threats targeting your region, sector and organisation, you can better allocate limited security resources where they are needed most. By learning about new data breaches, vulnerabilities and exploits early, you can respond faster and do more to prevent and minimise damage to your organisation.

The goal of the addition of the threat intelligence control is to ensure organisations:

  • Are informed on the overall threat environment
  • Collect and analyse information relating to security threats
  • Understand relevant threats earlier and take appropriate mitigation action
  • Change from a reactive security position to a proactive one

The recommendations from ISO include leveraging threat intelligence properly and taking all three layers of intelligence into consideration:

  1. Strategic threat intelligence – high-level information on the organisation’s threat landscapeOperational threat intelligence – knowledge of the tactics, tools and
  2. technologies used in known attacks
  3. Tactical threat intelligence – detailed information on specific assaults

The standards also note that threat intelligence should also be:

  • Relevant
  • Insightful
  • Contextual
  • Actionable

A proactive approach to threat intelligence

In a quickly evolving cyber threat landscape, made up of highly-skilled threat actors, implementing threat intelligence measures will ensure your organisation’s strategy changes from a reactive one to proactive.

Unfortunately, most organisations take a reactive response to potential data breaches and vulnerabilities, only managing an issue when it occurs. However, when it comes to dealing with risk, prevention is always better than cure.

Technical intelligence is not only important to inform how we prepare our technology, but also to provide insight into the why and the who behind the attacks. Instead of only looking at intelligence from endpoints, IDS/IPS, firewalls, or antivirus, we should be consuming data from online sources like social media, forums and dark web to look for threats and learn about emerging ones. The data we get from that exercise helps us better prepare our security systems and our people.

A proactive approach will inform your security strategies at all levels and ensure your teams are more confident in making decisions and actively monitoring threats to mitigate them.

How WorldStack can help

WorldStack are your experts in threat intelligence.

Cyber threats and poor, uninformed decisions have the potential to damage and cripple your organisation. In order to remain ahead of these threats, your organisation must be constantly evolving to meet emerging threats and risks.

Our team of experts gather intelligence from a wide range of sources, highlighting potential threats to your organisation and providing data insights to help you make better decisions. With the aid of our digital intelligence platform, we enable you to stay ahead of threats and proactively manage risk.

At WorldStack we tailor our intelligence to your organisation’s technology and digital footprint, providing context to the threats and minimising false positives. We provide information about threats targeting your region and sector, helping you stay informed about the things that impact you and filtering out the noise that isn’t. We help you stay across global threats including data breaches, vulnerabilities and threat actors and help you understand what it means for you and your organisation. We know how to speak to technical, management and executives about threat intelligence, helping you to drive value from your investment and communicate the things that matter to your stakeholders.

We work closely with organisations like yours to provide actionable intelligence that will help you to detect threats to your data and reputation, minimise risks and strengthen your digital security.

Are you ready to understand how to implement threat intelligence and how you can implement the updates made to ISO 27002? Or are you a consultant charged with guiding organisations on how to meet the needs of standards like ISO 27k?

Book an obligation free consult with our team to discuss your needs.