Threat intelligence (TI) has become a hot topic of conversation in large organizations — particularly among cybersecurity teams seeking to anticipate the next steps of hackers and scammers and to allocate budgets appropriately in order to protect corporate networks, hardware, users, customers and data in general.
But TI has made few inroads, if any, into the world of small businesses. It is not that TI is irrelevant to them; on the contrary, the average small and medium-sized business (SMB) website is under attack 44 times per day. However, the benefits of TI are often miscommunicated and, as a result, seem impractical in the eyes of small business owners.
This post aims to bridge the gap and clarify doubts, looking more closely at the benefits TI can bring to SMBs.
1. WHOIS Records
TI can help keep track of WHOIS records. A WHOIS record is created when a domain name is registered and is updated as the registration changes. It contains:
- The domain name registered – e.g., yourbusiness.com or yourblog.net
- Activity details – including registration, last-update and expiration dates
- The name, postal address and contact details of the registrant (the person or organization that holds the domain), although since 2018 many registrars redact these fields or replace them with a privacy-proxy service
- The name of the registrar – the accredited company through which the domain was registered, which is not necessarily the hosting provider
- The authoritative name servers for the domain
When aggregated, WHOIS records can be cross-referenced to spot a phish. For example, a sender who claims to have been in business for years but writes from a domain registered only a few weeks ago looks suspicious. Why does this inconsistency exist? Is this person really who they say they are? The check has to be run on the domain actually used in the message (the sender address and any links), not on the display name, which an attacker can set to anything.
Similarly, checking WHOIS records is one way to detect and halt impersonation scams, in which web addresses resembling those of trusted business partners are used to fool employees, or in which variations of your own domain name become an instrument to deceive suppliers and customers into executing fraudulent requests.
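The two checks described above, domain age and look-alike detection, as an added example that is not part of the original post or of any vendor's product. The WHOIS text, the reference date and the candidate domains are constructed for illustration; a real check would feed the output of a WHOIS lookup for the sender's domain into the same functions.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS output for a hypothetical sender domain; not a real lookup.
WHOIS_SAMPLE = """Domain Name: YOURBUSINESS-SUPPORT.COM
Registrar: Example Registrar, LLC
Creation Date: 2024-03-02T11:41:09Z
Updated Date: 2024-03-02T11:41:09Z
Registry Expiry Date: 2025-03-02T11:41:09Z
Registrant Organization: REDACTED FOR PRIVACY
"""

# Fixed reference time for the age calculation, so the result is reproducible.
AS_OF = datetime(2024, 3, 23, tzinfo=timezone.utc)

# Characters commonly swapped for look-alikes in typosquatted names.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def parse_creation_date(whois_text):
    """Extract the registration timestamp. Registries label the field
    differently, so accept the common spellings."""
    m = re.search(r"^\s*(?:Creation Date|Created On|Registered On):\s*(\S+)",
                  whois_text, re.IGNORECASE | re.MULTILINE)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))


def domain_age_days(whois_text, now=AS_OF):
    created = parse_creation_date(whois_text)
    return None if created is None else (now - created).days


def is_too_young(whois_text, now=AS_OF, min_days=90):
    """Flag domains younger than min_days. An unparseable record is also
    flagged: failing closed is the safer default for an inbound sender."""
    age = domain_age_days(whois_text, now)
    return age is None or age < min_days


def registrable(domain):
    """Reduce a hostname to its last two labels (mail.foo.com -> foo.com).
    Multi-part public suffixes such as co.uk would need the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def levenshtein(a, b):
    """Classic edit distance: how many single-character changes turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(candidate, protected):
    """Return why candidate resembles protected (your own domain or a
    partner's), or None if it does not."""
    c, p = registrable(candidate), registrable(protected)
    if c == p or "." not in c or "." not in p:
        return None
    c_name, _ = c.rsplit(".", 1)
    p_name, _ = p.rsplit(".", 1)
    if c_name == p_name:
        return "same name, different TLD"
    normalized = c_name
    for bad, good in HOMOGLYPHS.items():
        normalized = normalized.replace(bad, good)
    if normalized == p_name:
        return "homoglyph substitution"
    if p_name in c_name:
        return "contains brand name"
    if levenshtein(c_name, p_name) <= 2:
        return "edit distance <= 2"
    return None


if __name__ == "__main__":
    print("sender domain age (days):", domain_age_days(WHOIS_SAMPLE))
    print("too young:", is_too_young(WHOIS_SAMPLE))
    for d in ("mail.yourbusiness-support.com", "y0urbusiness.com",
              "yourbusiness.net", "yourbusines.com", "example.org"):
        print(d, "->", lookalike_reason(d, "yourbusiness.com"))
```

The age threshold is a policy choice: 90 days catches domains registered for a single campaign without flagging every legitimate new supplier, and anything that trips it should trigger a phone call to a known number rather than an automatic block. The look-alike rules are deliberately simple; the edit-distance check in particular will produce noise for very short brand names.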
2. Malware Checks
Staying on top of emerging malware threats that may lead to the loss of confidential information and data breaches is essential. But with over 350,000 new malicious programs registered on a daily basis, doing so manually is not manageable for businesses — let alone SMBs with scarce resources and no formal cybersecurity experience, team or contractor.
Through malware data feeds, TI applications cut out the legwork by connecting directly to reputable databases and services that track new forms of malware, their indicators (file hashes, domains, IP addresses) and the preventive measures against them. This means small business owners can block known-bad files and blacklisted domain names without having to research each one themselves. The caveat is that a feed lookup is only as good as the feed is fresh, and an exact file-hash match misses a sample that has merely been repacked, so feeds complement rather than replace endpoint protection.
3. Connected Domains
SMBs often share web hosting, including servers and IP addresses, with other sites because it is more economical than renting or buying dedicated infrastructure.
However, this practice could put them in the company of bad “neighbors” who are engaged in dubious activities such as publishing inappropriate content, spamming or even cybercrime.
Unfortunately, such activities often have repercussions for everyone on the host. Some blocklists and reputation services key on the IP address rather than the hostname, so browsers, mail filters and security gateways may start “overblocking” and warning visitors who reach any site that shares the same hosting pool.
In such cases, TI builds a profile of all domains connected to you or to a third party, typically via a reverse IP lookup of everything resolving to the same address, making it possible to assess the risk of being grouped with questionable individuals and businesses and to decide whether a move to different hosting is warranted.
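An added example, not code from the original post or from any feed provider, that serves both section 2 (feed lookups) and section 3 (connected domains): it matches hostnames and file hashes against a tiny blocklist, then uses reverse-IP data to list a domain's hosting neighbours and which of them are listed. The feed entries and the A records are constructed; in practice they would come from your TI subscription and a passive-DNS source.

```python
import hashlib

# Everything below is constructed for illustration: a tiny "feed" of blocked
# domains and file hashes, plus passive-DNS-style A records. No real
# intelligence source or live lookup is involved.
BLOCKED_DOMAINS = {"evil-downloads.example", "spam-king.example"}
KNOWN_BAD_SAMPLE = b"constructed stand-in for a malicious file"
BLOCKED_SHA256 = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}
A_RECORDS = {
    "yourbusiness.com": "203.0.113.10",
    "bakery.example": "203.0.113.10",
    "spam-king.example": "203.0.113.10",
    "evil-downloads.example": "203.0.113.10",
    "bigcorp.example": "198.51.100.7",
}


def domain_is_blocked(domain, blocklist=BLOCKED_DOMAINS):
    """Match the hostname and each parent domain, never the bare TLD, so
    cdn.evil-downloads.example hits the entry for evil-downloads.example."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def file_is_blocked(data, hashes=BLOCKED_SHA256):
    """Exact-hash matching: cheap, but a repacked sample has a new hash."""
    return hashlib.sha256(data).hexdigest() in hashes


def neighbors(domain, records=A_RECORDS):
    """Reverse-IP view: every other name resolving to the same address."""
    ip = records.get(domain)
    if ip is None:
        return []
    return sorted(d for d, addr in records.items() if addr == ip and d != domain)


def neighborhood_risk(domain, records=A_RECORDS, blocklist=BLOCKED_DOMAINS):
    """Summarise how crowded the shared IP is and which tenants are listed."""
    shared = neighbors(domain, records)
    return {
        "ip": records.get(domain),
        "shared_with": len(shared),
        "blocked_neighbors": [d for d in shared if domain_is_blocked(d, blocklist)],
    }


if __name__ == "__main__":
    print(neighborhood_risk("yourbusiness.com"))
    print(neighborhood_risk("bigcorp.example"))
    print("download blocked:", file_is_blocked(KNOWN_BAD_SAMPLE))
    print("cdn host blocked:", domain_is_blocked("cdn.evil-downloads.example"))
```

The parent-domain walk in `domain_is_blocked` is the detail most home-grown checks get wrong: a feed lists `evil-downloads.example`, the malware fetches from `cdn.evil-downloads.example`, and a naive exact match lets it through. A blocked neighbour count above zero is not proof of compromise, but it is a good reason to ask the host for a different IP or to move.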
4. Suspicious Content
When small business owners and their staff are unsure about the reliability of a website, they can use TI to check whether it contains suspicious content that may harm users and systems, such as:
- .exe files – Windows executables; a download link to one can install malware that leads to system crashes, loss of sensitive information, identity theft, etc.
- .apk files – Android application packages distributed outside the official app store; sideloading them bypasses the store's vetting, and a malicious package can steal data or take control of the device
- iframe elements – in particular hidden or transparent frames, used for clickjacking (tricking a visitor into clicking something they cannot see, such as a prompt granting access to the camera or microphone) and for silently loading content from a third-party site. For your own site, the complementary defense is to forbid framing with a Content-Security-Policy frame-ancestors directive or the X-Frame-Options header
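A scanner for the three indicators listed above, as an added example that is not part of the original post. It walks a page with the standard-library HTML parser and reports links to executable downloads, iframes from another origin, and iframes styled so the visitor cannot see them. The sample page and its hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types the post singles out, plus two other common Windows installers.
RISKY_EXTENSIONS = (".exe", ".apk", ".scr", ".msi")

# Constructed page for illustration; the hosts are documentation-style placeholders.
SAMPLE_PAGE = """<html><body>
<p>Download our <a href="/files/brochure.pdf">brochure</a>.</p>
<p>Get the app: <a href="http://cdn.example.net/app/update.exe">update.exe</a></p>
<p>Android: <a href="https://yourbusiness.com/dl/yourbusiness.apk">APK</a></p>
<iframe src="https://yourbusiness.com/embed/map" width="400" height="300"></iframe>
<iframe src="https://attacker.example/login" style="opacity: 0; position: absolute; top: 0"></iframe>
</body></html>"""


def parse_style(style):
    """Turn 'opacity: 0; position: absolute' into {'opacity': '0', ...}."""
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            name, value = decl.split(":", 1)
            props[name.strip().lower()] = value.strip().lower()
    return props


class SuspiciousContentScanner(HTMLParser):
    """Collect (kind, url) findings for executable links and risky iframes."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "a":
            href = a.get("href", "")
            if urlparse(href).path.lower().endswith(RISKY_EXTENSIONS):
                self.findings.append(("executable_link", href))
        elif tag == "iframe":
            src = a.get("src", "")
            # A relative src inherits the page's own origin.
            host = (urlparse(src).hostname or self.page_host).lower()
            if host != self.page_host:
                self.findings.append(("cross_origin_iframe", src))
            style = parse_style(a.get("style", ""))
            hidden = (
                style.get("display") == "none"
                or style.get("visibility") == "hidden"
                or style.get("opacity") in ("0", "0.0")
                or a.get("width") == "0"
                or a.get("height") == "0"
            )
            if hidden:
                self.findings.append(("hidden_iframe", src))


def scan_html(html, page_host):
    """Return the list of (kind, url) findings for a page served from page_host."""
    scanner = SuspiciousContentScanner(page_host)
    scanner.feed(html)
    return scanner.findings


if __name__ == "__main__":
    for kind, url in scan_html(SAMPLE_PAGE, "yourbusiness.com"):
        print(f"{kind:20} {url}")
```

Only inline styles are inspected; a frame hidden through an external stylesheet or positioned off-screen by JavaScript needs a rendering browser to catch, which is what commercial TI scanners use. A finding of `executable_link` on your own domain is normal if you publish software, so the results are a prompt to look, not a verdict.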
5. Server Configurations
TI can also help SMBs without an in-house IT team inspect configuration weaknesses that hackers look to exploit. These include:
- TLS – checking whether a site serves HTTPS with a valid certificate, not merely whether the URL begins with “https://”: an unencrypted page can be read and altered in transit, but the padlock alone says nothing about who runs the site, since phishing pages use HTTPS too
- Mail servers – evaluating whether the domain publishes Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records; these authenticate the sender rather than encrypt the mail, and together they let receiving mail systems reject messages forged in your name
- Name servers – checking whether the domain is served by one name server or by several on independent networks, and therefore whether DNS is a single point of failure
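The mail-authentication and name-server checks from the list above, as an added example that is not part of the original post. It parses SPF, DMARC and DKIM TXT records and the NS set for a domain and returns a list of issues. The DNS answers are constructed for two hypothetical domains, one configured well and one poorly; a real run would replace the `DNS` dictionary with live lookups, and the DKIM placeholder is not a real key.

```python
import re

# Constructed DNS answers for two hypothetical domains; not live lookups.
# The DKIM "p=" value is a placeholder, not a real public key.
DNS = {
    "yourbusiness.com": {
        "TXT": ["v=spf1 include:_spf.mailprovider.example -all"],
        "NS": ["ns1.dnsprovider.example", "ns2.dnsprovider.example"],
    },
    "_dmarc.yourbusiness.com": {
        "TXT": ["v=DMARC1; p=reject; rua=mailto:dmarc@yourbusiness.com"],
    },
    "selector1._domainkey.yourbusiness.com": {
        "TXT": ["v=DKIM1; k=rsa; p=EXAMPLEPUBLICKEYPLACEHOLDER"],
    },
    "weakshop.example": {
        "TXT": ["v=spf1 include:_spf.mailprovider.example ~all"],
        "NS": ["ns1.weakshop.example"],
    },
    "_dmarc.weakshop.example": {"TXT": ["v=DMARC1; p=none"]},
}

# DKIM selectors cannot be enumerated from DNS; take them from the
# DKIM-Signature header of a real message or from your mail provider's guide.
DKIM_SELECTORS = ("selector1", "default", "google", "k1")


def lookup(name, rtype):
    return DNS.get(name.lower(), {}).get(rtype, [])


def spf_all_qualifier(domain):
    """Return the qualifier on the 'all' mechanism ('-', '~', '?', '+'),
    or None when no SPF record is published."""
    for rec in lookup(domain, "TXT"):
        if rec.lower().startswith("v=spf1"):
            for token in rec.split():
                m = re.fullmatch(r"([-~?+]?)all", token, re.IGNORECASE)
                if m:
                    return m.group(1) or "+"
            return "?"  # no 'all' term: unmatched senders evaluate as neutral
    return None


def dmarc_policy(domain):
    """Return the DMARC p= value (none, quarantine, reject) or None."""
    for rec in lookup("_dmarc." + domain, "TXT"):
        if rec.lower().startswith("v=dmarc1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return tags.get("p", "").lower() or None
    return None


def dkim_published(domain, selectors=DKIM_SELECTORS):
    return any(
        rec.lower().startswith("v=dkim1")
        for s in selectors
        for rec in lookup(f"{s}._domainkey.{domain}", "TXT")
    )


def nameserver_issues(domain):
    ns = [n.lower() for n in lookup(domain, "NS")]
    issues = []
    if len(ns) < 2:
        issues.append("fewer than two name servers: one outage takes the zone offline")
    if ns and all(n.endswith("." + domain.lower()) for n in ns):
        issues.append("all name servers live inside the zone they serve")
    return issues


def assess(domain):
    """Collect the configuration issues a TI check would report for domain."""
    issues = []
    spf = spf_all_qualifier(domain)
    if spf is None:
        issues.append("no SPF record")
    elif spf != "-":
        issues.append(f"SPF ends with '{spf}all' rather than -all")
    dmarc = dmarc_policy(domain)
    if dmarc is None:
        issues.append("no DMARC record")
    elif dmarc == "none":
        issues.append("DMARC p=none only reports; spoofed mail is still delivered")
    if not dkim_published(domain):
        issues.append("no DKIM key under the selectors checked")
    issues.extend(nameserver_issues(domain))
    return issues


if __name__ == "__main__":
    for d in ("yourbusiness.com", "weakshop.example"):
        print(d, "->", assess(d) or ["no issues"])
```

DMARC `p=none` is the state most small businesses sit in after following a setup guide: it generates reports but blocks nothing, so moving to `quarantine` and then `reject` once the reports show only legitimate senders is the actual fix. The SPF check looks only at the final qualifier; a full evaluation also has to follow `include:` and `redirect=` and count the DNS lookups they cost.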
Bottom line: Threat intelligence is not just for big companies. SMBs, a frequent target for hackers, can benefit from TI to strengthen their cyber defenses.
Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP) and WhoisXMLAPI. He has vast experience in building tools, solutions and systems for CIOs, security professionals and third-party vendors and enjoys giving practical tips for better threat detection and prevention. Jonathan can be reached online at [email protected] or [email protected]