9 Case Studies
Cyber threat intelligence is not a perfect discipline. It is impossible to foresee every eventuality or to provide the ideal guidance in time to prevent every incident. The threat landscape is chaotic and dynamic; threat actors actively seek to bypass defences and take advantage of security weaknesses.
Case studies provide an opportunity to reflect on real-world incidents, on the timeline of how the incident unfurled, and on the opportunities presented to threat intelligence teams. Looking back over past experiences allows intelligence teams to consider how they would behave in the same situation, and to identify potential gaps in current intelligence provisions.
At the very least, we should be keen to learn from past events, to consider adopting practices that have proved successful elsewhere and seek to avoid previous failures. Asking the question, ‘at what point would I have identified this threat, and how would I have responded?’ is an excellent starting point for improving intelligence capabilities.
This chapter presents a selection of high-profile case studies, including examples of intelligence failures and successes. These are presented to assist the teaching of cyber threat intelligence, and as a learning tool for practitioners.
We should not harshly judge organisations that share information regarding a breach. Sharing information allows others to learn and gives the opportunity to augment defences. Case studies are a vital part of evolving cyber threat ...