“The Value of Threat Intelligence: A Study of North American and United Kingdom Companies” also found that security teams within organisations are not optimised to deliver on threat intelligence. Less than half (46 percent) of those polled say incident responders use threat data when deciding how to respond to malicious activity, which leaves numerous vulnerabilities undiscovered. Almost three quarters (73 percent) of respondents admit they aren’t using threat data very effectively to pinpoint cyber threats.
The top reasons for ineffectiveness include:
· Lack of staff expertise (69 percent of respondents)
· Lack of ownership (58 percent of respondents)
· Lack of suitable technologies (52 percent of respondents)
“Too much data that is not delivered in the right way can be just as bad as not enough. This is the situation that many companies find themselves in. We call it threat overload,” said Hugh Njemanze, CEO of Anomali. “The number of threat indicators is skyrocketing and organisations simply cannot cope with the volume of threat intelligence data coming their way. It’s clear that what businesses need is a system that pinpoints the threats they must take notice of and that gives them actionable and relevant insights.”
The inadequacy of organisations’ processes and reporting techniques creates additional challenges for prioritising threat data. Fifty-six percent of respondents say their companies do not use standardised communication protocols and if they do, it is most likely in the form of difficult-to-understand, unstructured PDFs or CSVs (59 percent). Fifty-three percent say the process of prioritising malicious activity data within a threat intelligence platform is very difficult.
To add to these issues further, the report also found:
· 52 percent of respondents believe their companies need a qualified threat analyst to maximise the value of threat intelligence
· 43 percent of respondents say the data isn’t used to drive decision making within their organisation’s security operations centre
· 49 percent say their IT security team doesn’t receive or read threat intelligence reports
“Every industry knows that threat intelligence is a key component of any effective defence strategy and, as this survey points out, it has become too overwhelming to deal with,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks.”
Threat Intelligence is a Priority
According to the report, 78 percent of respondents rate the importance of threat intelligence in achieving a strong cybersecurity posture as very high. Two-thirds of organisations either have or are planning to deploy a threat intelligence platform and 70 percent are seeking to improve threat intelligence efficiency in the future. Both findings show that the industry is taking note of always-increasing numbers of data breaches and that it recognises the value of an early warning system.
“With the growing threats to organisations posed by cybercriminals, it is clear there is a need to help businesses cut through the noise of data to find the threat intelligence that is relevant and actionable. User-intuitive platforms that disseminate the influx of information are essential, as well as having clearly defined roles and responsibilities among staff. We all know that the bad guys analyse intelligence on how to break into networks — it’s now time for enterprises and other organisations that are being attacked to analyse intelligence on adversaries. With a real-time view, security professionals need to know who the attackers are, where they live and what techniques they typically use to stay ahead,” continued Njemanze.