We’re getting smarter. We as organizations are certainly moving in the right direction in respect to how we tackle cyber security initiatives. Cyber security is actively being discussed in boardrooms, by senior executives, and investments are being made to shore up people, process, and technology where gaps exist in order to better protect Intellectual Property, Reputation, and Fraud among other areas. There are thousands of enterprise class security vendors all selling or promising solutions for every security gap potentially known to humankind.

So why are the number of breaches increasing?

My opinion is on the answer to that question is to simply direct you, the reader, to look in the mirror. And if not you (because you’re reading this blog so you’re obviously wonderful), then someone you work with.

Here are a few published studies and statistics to drive home the point.

• According to Verizon’s 2018 Data Breach Investigations Report, 4%of people will click on any given spear phishing campaign.
• 45% of respondents in a recent survey conducted by Wombat Security experienced spear phishing by phone calls and (cringe – see author notes at the end of this blog) smishing.
• Kaspersky Lab reported Vietnam accounted for the biggest share of world spam at 12.37% in Q2 2017. During this same quarter, Kaspersky Lab’s products claim to have prevented 46,557,343 attempted visits related to spear phishing.

Think about that these numbers for a moment and keep in mind, there are more and more sensational studies containing some eye-popping and sobering statistics.

How many people are employed by your organization? Do you know those that rely on opening everything as part of their day-to-day jobs ( HR, finance, reception, etc. ).

If I were someone with less than impeccable ethics, I may or may not be inclined to subscribe to one of the many spear phishing-as-a-service options or spend (sadly) only a few minutes digging around for some compromised accounts and kick-off some serious chaos.

So, would it be safe for one to consider, given this information along with the numerous publicly available data-dumps, that civilization is doomed to end because a certain percentage of the population has ‘open and click on anything’ issues? Probably not. However, tracking social engineering tactics and techniques as part of your overall threat intelligence program may lead to helping your organization reduce some of the fallout.

ThreatQ has extended-object functionality. This means that users are able to leverage above and beyond what STIX 1.X and STIX 2.X dictate and potentially create ANY custom object-type required to meet their data models and use-cases in order to better meet the requirements of their Threat Intelligence Program.

ThreatQ and ThreatQ Investigations are flexible enough to wrap around your organization’s existing successful process and workflows to better enable taking the appropriate actions.