Counterterrorism Tradecraft in Polymorphic Threat Mitigation

For a while now, we have been inundated with news of breaches across the entire spectrum, from the enterprise to the public sector, and it seems this will not abate anytime soon. The reactive measures put in place by default to mitigate polymorphic threats have failed badly, and it would be strategic to look to other playbooks in the search for holistic solutions to this malaise. Mapping the current threat landscape onto the patterns that inform counterterrorism strategy will aid the rapid detection of anomalous behaviour.

Intrusion detection strategies have always focused on system vulnerabilities, and have therefore identified immediate threats rather than strategic patterns. An introspective look at the current threat landscape, which is fierce in its own right, shows that it demands strategic-level insight into the threat as a whole, including but not limited to newer tactics, techniques, and procedures. When the Cyber Kill Chain was promulgated as a yardstick for cyber-intrusion detection some years ago, intrusions were quite mild compared with those of today.

Experts have, over time, tended to frame their perspectives on how the Cyber Kill Chain is functionally analogous to the Terrorism Kill Chain, which I agree with to a large extent. The insights garnered during cyber-analysis (aggregate patterns, overlapping indicators, and predictive threat reports) are similar to those of strategic-level counterterrorism analysis, except that cyberattacks emerge more rapidly and at larger scale than terrorism. Employing counterterrorism tradecraft can have a profound effect on the cybersecurity landscape.

Gathering intelligence is the primary driver of operations, and cybersecurity operations must be equipped with tools and techniques for collecting attack data as well as for remediating attacks. By spotlighting the aggressor's kill chain, especially for polymorphic threats, the defender gains not just the ability to foil current attacks but also to forestall future occurrences, while hardening its defensive posture. Besides employing the intelligence cycle, other noteworthy counterterrorism intelligence practices are:

  • Centre of Gravity Analysis
  • Analysis of Contending Hypotheses
  • Profiling
  • Predictive Analysis
  • Preliminary Analysis

One thing needs to be set straight: IT professionals are not counterterrorism experts, because formal intelligence training is lacking in the IT sector, and this skills and capabilities gap needs to be addressed. Integrating Strategic Intrusion Analysis (SIA) with counterterrorism intelligence tradecraft will build cyber resilience and enable C-level decision-makers to incorporate bespoke solutions into enterprise-wide risk management and governance processes.