The Real Indicators of Compromise you should be heeding

The overworked term "indicators of compromise" bases intelligence findings on highly technical artifacts. These findings represent the archived pain of those who have suffered a breach, preserved to help others with their cyber hygiene. We created a whole new industry around indicators of compromise and grew it into another misused and overworked term: threat intelligence. It is something we have always done, but it now requires a new name to sell iteratively improved products and services. Yet we genuinely miss the indicators of compromise that all CISOs and cyber security professionals should examine. Below is a listing of those indicators of compromise that must be addressed before any expectation of cyber hygiene can be achieved.

  1. You do not have a CISO.
  2. You do have a CISO, but he/she reports to the CIO.
  3. Your intelligence function reports to Incident Response or Security Operations or somewhere buried inside IT.
  4. You purchased a threat intelligence platform before forming a cyber intelligence function.
  5. You do not have a cyber intelligence function.
  6. You do not have a cyber intelligence strategic plan.
  7. Your intelligence training comes from technology companies or from those who became experts overnight.
  8. You do not have an overall corporate intelligence sharing capability (physical, cyber, business, competitive).
  9. Your intelligence reports are overclassified and, therefore, not shared.
  10. You believe that indicators of compromise are intelligence.
  11. You invoke "risk-based" any time a tough decision must be made.
  12. You have risk-based (acceptance and deferred) items on your list for over one year.
  13. You pay ransomware instead of funding your security program.
  14. Your leadership thinks anything security-related stinks of Fort Knox.
  15. You continue to purchase technology and services from the companies that continue to fail to protect you.
  16. Your technology stack overlaps in functionality and features, yet only small percentages of their capabilities are actually in working order.
  17. You use information as currency.
  18. You use technology knowledge with arrogance and hubris.
  19. You operate in continual hero mode.
  20. You depend solely on technology to defend your environment.

Once you examine the above (and add to the list as you deem necessary), brainstorm to establish a plan to rectify the problems. Or have a violent reaction to the above and carry on using IoCs to search for what is already inside your wire, i.e., "cyber hygiene."