5 Steps to Incorporate Threat Intelligence Into Your Security Awareness Program

Incorporating threat intelligence can significantly improve the effectiveness of your Security Awareness program, if you do it correctly.

1 2 Page 2
Page 2 of 2

Specify how to react

Telling people what to look for does little more than promote annoyance or generate fear. Providing people with the actions to take if they perceive themselves to be under attack gives them control. The threat, actualization, and prescribed actions should be specific and should include how to prevent the attack and who to report the potential incident to.

Clearly you need to tell people what to do or not to do, however that just prevents the attack from being successful against that individual. However even a minimally committed attacker will move on to the next potential victim. When someone reports the attack in progress, the security team can then take actions to prevent the attack from being successful against less aware individuals.

[ Awareness on the cheap ]

For example, if there is a phishing message involved, the security team can delete copies of messages to other individuals off of the email server. If you know that people are being sent to a specific domain, you can block the domain. You can also send out a more specific message to all people informing them of the specific nature of the actual attack, which also helps people realize that attacks against your organization are real.

Ensure the security team is aware of the intelligence and recommended actions

You should not take for granted that the security team might not be fully aware of the issues and how to respond. Too frequently there is an inaccurate assumption that people know how to respond and react correctly. The “security team” should be broadly defined to include the Help Desk (or whomever receives security-related calls), email administrators, web administrators, physical security, and any other group that might be responsible for taking an action if there is a potential attack.

These people need to know specifically what their responsibilities are. They need to know how to respond to users reporting potential attacks. They should know the specific actions to take in response to the pending attacks. Again, their actions depend upon their roles and responsibilities, but they should be well defined in advance. The last thing you want is for a user to properly respond to and report an incident, and then the people contacted do not know what to do.


Creating a culture of awareness, action, and communication improves both incident detection and response. Your user base becomes aware and active when it comes to potential attacks. This increases the effectiveness of the security team, exponentially growing its capacity to detect and respond to attacks.

In the ideal world, people should be constantly on the alert for potential attacks and know how to respond. Again, that is not what we experience in the real world. While we don’t wish that any organization should be targeted, the fact is that just about every organization is the potential victim of many ongoing attacks. The phishing scams resulting from the Anthem hack made many organizations a potential targets, and this attack is in no way unique.

However, these potential and actual attacks can be outstanding catalysts for making your awareness programs incredibly effective. Don’t squander these ongoing, incredible opportunities.

This story, "5 Steps to Incorporate Threat Intelligence Into Your Security Awareness Program" was originally published by CSO.


Copyright © 2015 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Discover what your peers are reading. Sign up for our FREE email newsletters today!