Most IT security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights. That’s according to a survey by Anomali with Ponemon of 1,072 respondents in the UK and North America to identify how organisations prioritise threat intelligence.
Their report also showed that organisations neglect to share essential threat data with board members and C-level executives, despite the fact that security is now a business priority. On average, only 31 percent of these key stakeholders receive information that can be used to inform them about critical security and risk issues they face today.
“The Value of Threat Intelligence: A Study of North American and United Kingdom Companies” also found that security teams within organisations are not optimised to deliver on threat intelligence. Less than half (46 percent) of those polled say incident responders use threat data when deciding how to respond to malicious activity, which leaves numerous vulnerabilities undiscovered. Almost three quarters (73 percent) of respondents admit they aren’t using threat data very effectively to pinpoint cyber threats. Reasons for ineffectiveness include:
· Lack of staff expertise (69 percent of respondents)
· Lack of ownership (58 percent of respondents)
· Lack of suitable technologies (52 percent of respondents)
Hugh Njemanze, CEO of Anomali, said: “Too much data that is not delivered in the right way can be just as bad as not enough. This is the situation that many companies find themselves in. We call it threat overload. The number of threat indicators is skyrocketing and organisations simply cannot cope with the volume of threat intelligence data coming their way. It’s clear that what businesses need is a system that pinpoints the threats they must take notice of and that gives them actionable and relevant insights.”
The inadequacy of organisations’ processes and reporting techniques creates challenges for prioritising threat data. More than half, 56 percent of respondents say their companies do not use standardised communication protocols and if they do, it is most likely in the form of difficult-to-understand, unstructured PDFs or CSVs (59 percent). Fifty-three percent say the process of prioritising malicious activity data within a threat intelligence platform is very difficult. The report also found:
· 52 percent of respondents believe their companies need a qualified threat analyst to maximise the value of threat intelligence;
· 43 percent of respondents say the data isn’t used to drive decision making within their organisation’s security operations centre; and
· 49 percent say their IT security team doesn’t receive or read threat intelligence reports.
Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said: “Every industry knows that threat intelligence is a key component of any effective defence strategy and, as this survey points out, it has become too overwhelming to deal with. Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks.”
According to the report, 78 percent of respondents rate the importance of threat intelligence in achieving a strong cybersecurity posture as very high. Two-thirds of organisations either have or are planning to deploy a threat intelligence platform and 70 percent are seeking to improve threat intelligence efficiency. Both findings show that the industry is taking note of always-increasing numbers of data breaches and that it recognises the value of an early warning system.
Njemanze added: “With the growing threats to organisations posed by cybercriminals, it is clear there is a need to help businesses cut through the noise of data to find the threat intelligence that is relevant and actionable. User-intuitive platforms that disseminate the influx of information are essential, as well as having clearly defined roles and responsibilities among staff. We all know that the bad guys analyse intelligence on how to break into networks — it’s now time for enterprises and other organisations that are being attacked to analyse intelligence on adversaries. With a real-time view, security professionals need to know who the attackers are, where they live and what techniques they typically use to stay ahead.”
To download a copy of the report, “The Value of Threat Intelligence: A Study of North American and United Kingdom Companies,” visit: http://bit.ly/2f1XTeI.
