Author: Mikel Rufián Albarrán. Responsible for Cyberintelligence. Innotec System. Entelgy company
The incorporation of Cyberintelligence capabilities may mean an increase in organizations’ profitability of up to 26%; however, in most countries, the commitment to this activity is still incipient with respect to other large economies. Enhancing its development is essential to maximize the opportunities offered by the new digital environment, assess and mitigate risks, and achieve an advantageous position in the market.
With globalization, digitization, and connectivity, organizations from all sectors face the challenge of identifying and taking advantage of the opportunities offered by the leap into the digital world, as well as the threats and risks of cyberspace. In this sense, organizations are currently devoting increasing resources to the examination of their environment. The goal is to have useful, quality information to help them in their strategic, tactical, or operational decisions, with three fundamental objectives: to prevent risks and threats, minimize the impact of competitors’ actions, and take on new opportunities in cyberspace.
Finding ways to transform their (often obsolete) structures to make them cyberintelligent is the main challenge facing companies and institutions today.
But… what is Cyberintelligence?
Cyberintelligence is what results when different analysis techniques are applied to cyberspace information to transform it into knowledge, so that it is useful when making decisions with the lowest possible level of uncertainty. The cycle of Cyberintelligence works like this:
- Management and planning: Requirements setting and action planning
- Collection: Collection of raw data through information sources that have been defined in the planning process
- Transformation: Conversion of the raw data obtained into usable and manageable formats that allow its processing and analysis
- Analysis and production: Enriching, analyzing, and evaluating processed data to extract a Cyberintelligence product capable of satisfying the organization’s needs
- Diffusion: Transmission of the Cyberintelligence produced in the previous phases and presented in a format easily understandable at all levels
- Evaluation: Assessment and feedback of the whole process for its re-evaluation and continuous improvement of the whole cycle
In order to provide a preventive model and the highest possible security for an organization, Cyberintelligence service providers or cells themselves must meet the following requirements:
- Exploitation capacity of cyberspace information sources
- Own technological e-skills (R&D development) that reduce the external dependence of the organization on cybernetics
- Transformation of information into intelligence through a multidisciplinary team with training and skills in intelligence analysis techniques (Intelligence Analysis) and data science (Data Science), to execute complex analysis of structured and unstructured data on platforms and large volumes of information (Big Data) and value (Smart Data)
- Identification of possible violations to the digital identity or intellectual property, such as theft or falsification of documents for internal use
- Knowledge to avoid attacks through suspicious and/or hidden data
- Effective and rapid response to crisis situations
- Communication in different languages, since attacks can come from anywhere in the world
- Uninterrupted 24/7 service, because attackers often take advantage of downtime to perform their operations
- Cyber-research capacity (Digital Detectives and Digital Forensics) to obtain and provide information using forensic methodology
- Development of early warnings and detailed reports to communicate appropriately and to reduce uncertainty in the decision-making process
- Cyber-defense measures for the protection of threats against digital identities or infrastructures of public or private organizations
The human component, a key factor
Although computer resources are used for the production of Cyberintelligence, analysis and interpretation remain essentially human activities. The Cyberintelligence analyst is a specialist in the assessment, integration, analysis, and interpretation of information in cyberspace for its conversion into knowledge.
Lack of Cyberintelligence culture
Unfortunately, in many countries the development of these Cyberintelligence units in the organization is recent, and we are still far from the precursor countries that are, in addition, the most competitive economies.
Talent exists for this purpose, and it is necessary to support and strengthen global Cyberintelligence in order to safeguard sovereignty in cyberspace. We must share this Cyberintelligence among the community, whenever and wherever appropriate.
Cyberintelligence is not an expense, but an investment. The organizations that have incorporated it are more competitive, more profitable, and outperforming their counterparts in three key areas: revenue, profitability, and risk assessment. Some studies have found that cyberintelligent organizations are 26% more profitable than their competitors.