How cyber threat intelligence can guide threat hunting

0
5428
Privacy Rules Podcast Cover 2

Your digital identity and Personally Identifiable Information can be used by malicious actors for a variety of purposes.

Let’s take an example, David Weldon in an article a little less than 2 years ago addressed the growing fraud with pension plans. Why? Because these accounts have a much higher balance than an average checking account and far fewer security and fraud controls, and people don’t often check these accounts, and detect when it’s too late.

Indeed, it can happen to everyone. Even to the large organizations have much more resources for protection than smaller ones.

Over the past year, 66,000 breaches were detected, which contained 42 billion personal records. This information now circulates on the deep and dark web. In 2022 Breach Report sheds light on the tactics, techniques, and procedures (TTPs) employed by threat actors in times of crisis—and how to prevent them.

Through a wide range of TTPs, malicious actors continue to improve their ability to carry out sophisticated attacks by weaponizing personal data. This threat cycle has far-reaching implications for individuals, companies, executives, brands, public institutions, and society at large.

How are the criminals doing it?

It goes a little something like this:  Scraping public identity data, social engineering, doxing, pretexting etc., then take over the device or notebook, get into the account, transfer the money in couple of parts – all before it is noticed.

As a data privacy expert, you might say: “wait a minute, we do have GDPR or DPA”. Insurance and banking companies, as well as other sectors must comply to these regulations.

With GDPR e.g. to all EU citizens wherever the data is processed or stored. The systems they use must be designed with data privacy in mind, and must have a high ranked data protection officer and report a breach within 72 hrs. If not, they risk serious fines.

So do GDPR and DPA have serious impact on reducing the risk? Yes – both emphasize measurements to prevent data leakage,  as well as responding once they realize they’re breached.

However, breaches happen all the time

How can we detect compromised credentials as soon as the theft takes place? Furthermore, is there any tool that proactively prevents the use of these credentials by malicious actors before they can do massive harm?

To better understand the key trends related to the metadata constituting these breaches and records, this report analyzes over 1000 of the most significant breaches in 2021, representing over 6M exposed records and 31M exposed attributes worldwide.

This report analyzes the nature of these breaches, their geographic distribution, and the potential consequences of unabated cyberattacks. Additionally, a detailed analysis of the inner machinations of digital black markets and provides key context to understand what hackers do with the stolen information.

What’s more, wizlynx group Targeted Cyber-Threat Intelligence Service is a highly sophisticated and customizable solution that will bring down the overall response time to incidents and therefore, reduce the window of opportunity for threat actors. More importantly, this will identify targeted threats and potentially avoid attacks altogether.

Let’s break the vicious circle!

So, despite the great GDPR, DPA and work done by DPOs, CISO’s and their teams, breaches are happening all the time as in a vicious circle. This can go on and on. So, we must break this vicious circle.

How cyber threat intelligence can guide threat hunting

How to break this vicious circle?

Constella Dome is made for that!

In this privacyespresso, Giovanni Silvestre, Vice President of Business Development & Sale at wizlynx group has invited the guest expert, Herro Zoutendijk, Regional Director EMEA at Constella Intelligence, also Partner of the wizlynx group and member of the PrivacyRules alliance, will discusses more on Cyber Threat Intelligence under the data privacy perspective and how Constella Dome could break the vicious cycle.