'Threat intelligence' is the latest buzzword in cyber security

Are you "threat intelligent"? Is your government "threat intelligent"? If you are an American, especially an American civil servant, you might conclude from the recent "massive" cyber attack on the federal agency responsible for collecting data on employees and issuing security clearance that your government is not threat intelligent at all.

Threat intelligence is the new buzz term in cyber security. It is a proactive form of security in which you deliberately engage with hackers to try to figure out how they might attack you, and then go home and simulate just such an attack to see what happens.

It sprang from the realisation that the alphabet soup of security standards and red tape of security compliance are utterly useless. All corporations, regulated or not, compliant or rogue, have soft underbellies: suppliers. Hackers hijack suppliers' IT systems and use those compromised systems as vehicles to attack the suppliers' clients' systems. If the supplier twigs, the hacker moves down the supply chain and starts again.

In this twilight game of cat-and-mouse, "compliant" and "secure" are entirely different concepts. Presumably attacks similar to the one in the US are happening undetected all the time.

Paranoid? It's a mindset that governments want to encourage. One risk to the world economy is the British financial system. It is believed to be particularly threat-stupid.

Hence the Bank of England and the Financial Conduct Authority have devised CBEST, a new security tester intended to improve and test resilience to cyber attack. Compliance is voluntary at the moment but will probably become a legal requirement soon.

So what? A thriving sector like cyber security that has an increasingly threat-smart customer base being galvanised by governmental fiat looks like a good sector to be in. Cyber security turns over €29bn a year, and is expected to grow at 7% per annum. Earlier this month, Sophos announced its intention to float in London. Sophos is poised to feed into this market. Its "thing" is end-point security: antiviruses, firewalls, and secure connectivity between laptop and work systems. They are now moving into threat intelligence too, identifying and containing malware, Trojans and phishing attacks.

So how does the "intelligence" part of threat intelligence work? "It requires having one foot on the dark side," says information security expert Luke Hebbes. "Ultimately, it's about keeping tabs on organised criminals, and attending shady events where security professionals and law enforcement agents mingle with people who go by their hacker personas."