Focus on Funds: Understanding the Emerging Field of “Threat Intelligence”


Threat intelligence is an important but often misunderstood aspect of cybersecurity. In the February 24, 2017, edition of Focus on Funds, Tony Gambacorta of Synack shares his insight on how funds should manage this critical information.


Stephanie Ortbals-Tibbs, media relations director, ICI: Threat intelligence is a critical issue in the fund industry for those looking after its cybersecurity. Recently I got some fresh insight on the issue.

Tony Gambacorta, vice president of operations, Synack: I think one of the big ones was sort of demystifying it and acknowledging that, while threat intelligence is a very real thing and threat actors are a very real thing, threat intelligence is sort of ill-defined in the industry and it’s still a new thing.

That said, having a basic concept of how intelligence is used and what intelligence should be used for was a main point. So we kept coming back to the concept of intelligence cycles—that intelligence doesn’t exist for intelligence’s sake, it exists to enable a stakeholder to make better decisions or optimize the business. So, making sure that people have that cognizance as they’re going into this was a pretty consistent theme.

Ortbals-Tibbs: So take a much less monolithic approach, know the target that you’re shooting at, and make sure you’re organizing your threat intelligence information in a way that it gets successfully passed up the chain.

Gambacorta: Absolutely. So again, coming back to that stakeholder component, while the chief security officer or the information security teams are going to be very important in that, ultimately it is going to be the senior leadership—it’s going to be the board—that decides how much money to invest in some of these different areas and how they want to control the spend. So making sure that those people understand the environment and what you’re trying to achieve is very important.

Ortbals-Tibbs: So, do you think threat intelligence in the fund industry looks different than it looks in other industries?

Gambacorta: I think that the entire Internet-based world is coming to grips with what threat intelligence really means. That said, I think that funds are in a particularly tight situation because there’s a lot of regulation. There’s obviously very high alignment with brand and with perception of security and everything else, so that can tend to inhibit people from acknowledging that there even are threat actors, or even that there is a problem out there that they need to address. But other than that, I would say that if you have something worth stealing, threat intelligence is probably going to be an important part of your day.

Ortbals-Tibbs: So, thinking now about this threat intelligence discussion, is there one thing you would tell people in the industry to do, or do differently?

Gambacorta: I think you’re going to see a lot of people taking a step back. We really focused in the session today about understanding why you’d be running a threat intelligence program and what the purpose of intelligence is. So, rather than stepping out and saying yes, I have a threat intel program because I’ve spent the money on a provider, instead saying, okay, let’s understand what decisions we’re trying to make, how we’re trying to make those decisions, and what these things are going to do to help us make better decisions.
