Pub. 9 2019 Issue 3
There are a variety of ways that financial institutions can leverage, and directly benefit from, CTI. Some examples include:

• Incorporating technical indicators of compromise into the company’s security information and event management system;
• Briefing high-level executives on industry trends and providing intelligence on potential future attacks;
• Providing intelligence briefings to security operation centers (SOCs), increasing the situational awareness of technical campaigns and bad actors;
• Developing incident response scenarios;
• Achieving timely integration with fraud teams to deactivate stolen credit or debit cards;
• Working with law enforcement to remove stolen credit, debit or other financial information from the deep or dark web;
• Segregating and limiting internal access to systems if an individual’s credentials are exposed;
• Communicating with social media and marketing teams about exposed data; and
• Implementing patches for known vulnerabilities that are discovered on external-facing systems and applications.

What does a successful CTI program look like at financial institutions?

Deep analytical CTI is usually not possible at small- to medium-sized financial institutions using the internal resources of their existing security teams, and is often outsourced to a vendor or third party.
Outsourcing can provide some value-added actions, such as:

• Identifying breached credit and debit cards or other financial information;
• Monitoring chatter about C-suite executives;
• Assisting in fraud prevention through credential theft;
• Thwarting attacks planned by adversaries that use new financial theft malware, ransomware or Trojans;
• Examining reputational damage or brand-related chatter for an organization;
• Identifying large credential data dumps or breaches;
• Identifying or ascertaining stolen or fraudulent goods like blueprints, skimmers and physical devices, or sensitive data such as tax forms, personally identifiable information and protected health information.

CTI can provide a variety of actionable information that executives can use to make better cybersecurity decisions and assess their risk appetite. With CTI, bankers can prioritize initiatives, address budgets and create business strategies for securing customer, employee and client data. A deeper understanding of the threats they face gives companies a firmer grasp of the tumultuous cyber landscape and a clearer vision of how to prevent problems.

Loras Even is a principal with RSM US LLP. He performs a variety of security consulting engagements for clients, assisting in security planning, evaluating technologies and recommending security solutions. Loras brings more than 37 years of experience in IT, including 17 years of focusing on security and privacy.

Wanda Archy is a cyber intelligence specialist focused on Dark Web investigations. Currently, Wanda leads RSM's Cyber Threat Intelligence (CTI) services. She received her Master's degree in Security Studies and Bachelor's degree in Science, Technology, and International Affairs from Georgetown University.
The darknet is the part of the internet that is not accessible through conventional browsers and requires specific software or configurations; the deep web is the part of the internet that is not accessible through search engines. Some nation states, cybercriminal gangs and threat actors thrive in this underground economy through illegal activity that includes the sale of personal information, financial goods and illicit services. For a bank’s CTI, the deep web and darknet are a treasure trove of breached information and threat indicators.