9. Analyse relevant cyber threat intelligence information requirements for an organisation (AC 1.9)

Let's consider relevant cyber threat intelligence for a hypothetical clown hats company. This company sells clown hats online to consumers; it has a large number of suppliers and clients, some of which are based in other countries. The company has 20 employees, who sometimes work remotely using company laptops. The company last ran security training for all employees one year ago and determined that staff did not pay much attention to security. The company doesn't use firewalls and updates its software once a year. These weaknesses make it a prime target for cyber attacks, including phishing, ransomware, viruses and (D)DoS attacks.

Phishing

Phishing is a significant risk for this clown hats company. Without recent staff training, staff are not equipped to recognise suspicious emails or texts containing phishing links. These social engineering schemes could be used to deceive employees into revealing sensitive information such as the company's login credentials or customers' payment details. To lessen the chance of this happening, the company must educate its employees about identifying phishing attempts and implement email filtering tools to detect and block malicious messages.

Ransomware

Ransomware is another critical threat, given that the company relies on its website for sales and stores customer and supplier data. A ransomware attack could encrypt this data and demand payment for its release. The absence of a firewall and the outdated software increase the likelihood of ransomware infiltrating the system through malware or hacking. The financial and reputational damage from such an attack could be catastrophic, particularly if customer payment information is compromised. Monitoring the dark web for mentions of the company or its data, and enhancing security measures such as detection systems, can reduce the likelihood and impact of ransomware attacks.

Distributed Denial of Service

DoS and DDoS attacks pose a significant risk to the company, as all of its income comes from selling products through its website. A (D)DoS attack could overwhelm the website with traffic, making it inaccessible to legitimate users and thus eliminating sales. The lack of robust security infrastructure, such as firewalls, leaves the company more vulnerable to this kind of attack. To mitigate this, the company could use DDoS protection services and monitor online forums where such attacks might be coordinated, to learn if and when an attack is coming.

Viruses

Viruses are very dangerous because, once a system is infected, they can do everything stated above: steal customer data and corrupt critical files, all while spreading to other systems. The company's failure to update its software regularly greatly heightens this vulnerability. The company should update all software and operating systems as regularly as it can, and antivirus software will greatly help in defending its systems. Intelligence from malware databases and cybersecurity forums can also provide insights into the latest virus threats.
