August 18, 2016
Joe Franscella

Cyber Intelligence: Your Rights and Responsibilities

<p>From ethics to liability, there are lots of reasons to approach online security thoughtfully. Identifying and stopping hackers is the primary goal of cyber intelligence. Much discussion about cyber-crime concerns the specifics of how the latest malware works, however, the human element is the one constant in the hacker/victim dynamic. We, as parts of the equation must understand our own rights and responsibilities.</p><p><strong>Rights</strong> – As an individual, your rights extend to cover your personal network and the data you willingly volunteer as well as items of public record created on your behalf. This includes data created during a breach which can be analyzed in context for use as cyber intelligence.</p><p>Data collected during a cyber-attack can be <a href="">anonymized to be sharable</a> with other threat intelligence users. Currently, only government agencies are required to disclose threat events for the greater good. Legislation requiring everyone to share threat intelligence is a recurring debate in Congress, sparking a lively debate about the future of safety vs privacy. The specifics of how to ensure privacy protection are still being debated.</p><p>Specific types of <a href="" target="_blank">personal data breach</a> are covered by US regulations. Federal HIPAA laws protect all forms of data created as part of a healthcare record, including digital records. The Fair Credit Reporting Act has provisions for victims of identity crimes. Victims can request a “freeze”, fraud alerts, expunging of inaccurate records, and free access to credit reports.</p><p>Regulations require certain rights to be granted by companies. Privacy statements should be accessible and transparent enough to allow users to understand what they’re sharing and how it will be used. While not an expressed legal right, relevant updates and patches should come with your software investment.</p><p><strong>Responsibilities</strong> - While it is true that we all deserve privacy, unfortunately we cannot expect absolute freedom from online intrusions in today’s climate. Studies estimate that nearly <a href="" target="_blank">1/3 of computers are compromised</a> by malware. A surprising proportion of surveillance and espionage is taking place as part of government-sponsored hacking programs. Knowing that many other countries including China and Russia are actively hacking US companies, individuals, and military mainframes should be cause for alarm. Cyber intelligence is as important to the country as it is to the individual. For these reasons and more, we should all take our responsibilities seriously.</p><p>Specific responsibilities may be endemic to your industry, and it’s your duty to <a href="" target="_blank">understand and follow laws</a> governing e-commerce, online privacy, etc. For example, financial records are charged with protecting account info, as healthcare providers must protect personal data. If a company sponsors an app, even a simple novelty one, they must practice due diligence to ensure its users aren’t made vulnerable to cell phone hacks. If you have put your network and its constituents at risk, you’re obligated to give notice of the event. Not only is disclosing incidents the responsible thing to do, but it’s also now mandated.</p><p>Proper use of the powerful tools your company wields includes running updates and configuring alert settings. That is the task of the IT security team. Other responsibilities extend to all employees using the Internet.</p><p>Management should ensure these good use policies apply to everyone:</p><ul><li>Enforce rules against password or account sharing</li><li>Eliminate unnecessary browsing</li><li>Prohibit installing unauthorized programs</li><li>Prohibit downloading of questionable files</li></ul><p>For enterprises, participation in intelligence sharing programs is encouraged and <a href="">may soon be required</a>. Creators of enterprise security solutions, as well as the federal government, have published a lot about their respective cyber intelligence programs. It’s advisable to keep up on the latest developments along with following general current events.</p><p>Still, you are your own first and last shield against cyber-threats. Hold yourself accountable primarily, and regard the cyber intelligence programs at your disposal as tools.</p><p>Are you focused on prioritization and relevance for both security operations and threat analysts. You should be. This white paper describes the Anomali Match model which focuses on that and more.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-522663a1-2e23-4655-9c36-592b876fdb70"><span class="hs-cta-node hs-cta-522663a1-2e23-4655-9c36-592b876fdb70" data-hs-drop="true" id="hs-cta-522663a1-2e23-4655-9c36-592b876fdb70" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3455}" href=";placement_guid=522663a1-2e23-4655-9c36-592b876fdb70&amp;portal_id=458120&amp;redirect_url=APefjpEoZk4LshuR6K2IgbHIJqKfBFZPbJ5mjFTXwAMFoZ4jFfhyZ35GH0grehFahPiDZXikQfD6AUlBwOIEWQbLmc--aE3vzDS8hNQCgUcrGvYv_NME0WfV_9HWyda7InQk557AU5H73-n-95OSTwKvjiqaVB1buQoTovrdjSKCeLQhVy3BtfxzpM8wgs1O4-3lcgO9bMv3rJQOiUoKJcp0scHhZ_rN43A0vbnjbka-1G1LNRUuqkewOUplRq2SJW4ZosUdWXTR6192qAWMa0jfBOfri608O2kmy1b4H0pfnpd1FCibKWAW59MVPQb0Hd0VV2tTv7PEatmCdABnxal3D5kLPGuAK1CCiJ-FJbx_0tNtdZ7YzQaxL0pUW8kHrtiqrEnjuFoz&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;;;pageId=4287016234&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&amp;__hssc=41179005.37.1478831861868&amp;__hsfp=1335165674" id="cta_button_458120_ae87b536-87f5-4cf1-85e5-1cf25faf63c6" style="margin: 20px auto;" target="_blank" title="Free Download Here">Free Download Here </a> </span> <script charset="utf-8" src=""></script> <script type="text/javascript">hbspt.cta.load(458120, '522663a1-2e23-4655-9c36-592b876fdb70', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.