Varied threats like disinformation, platform abuse, brand dilution, strategic breach campaigns, extortion, insider threats and nation states stealing intellectual property are more prevalent than ever. More and more of these threats live far outside the traditional environment of analysts investigating potential cyber intrusions on their dashboards.
While the typical beneficiaries of cyber threat intelligence are teams in threat hunting, application security, vulnerability management, and incident response, mature organizations realize many of the same datasets used in traditional cyber threat intelligence can be leveraged to address other areas of the business.
Further, advanced programs are adding new groups that incorporate information from physical security, social media, geopolitical, marketing, and business intelligence sources.
This blog will discuss some use cases around one such example: Trust and Safety teams.
Trust and Safety teams have grown in popularity in the past five years, especially among companies that operate consumer-facing technology platforms. Blending fraud and crime prevention with company policy, these teams are a natural fit for a strong intelligence complement. Strategic intelligence will inform better policy decisions, and tactical intelligence can prevent criminals from using technology platforms for gain.
Use cases for intelligence data in Trust and Safety teams are endless, but they typically revolve around safety, fraud, and abuse of a product or platform. Typical scenarios in which we have seen the aggregation and analysis of data support Trust and Safety teams include:
- Identifying assailants targeting company executives traveling abroad
- Disrupting disinformation campaigns
- Combatting nation-state and criminal online recruitment efforts
- Attributing anonymous short-sellers creating false information to manipulate stock prices
- Disrupting a criminal ring conducting charge-back fraud on a platform
- Identifying an assailant extorting a company's employees
- Monitoring sentiment negatively affecting overseas operations in a hostile region
- Identifying an insider threat leaking data with no network origination point
- Ensuring a platform or data does not get corrupted during a turbulent termination or merger and acquisition