A recent Information Security Forum report found that most organizations don't feel their threat intelligence capabilities meet their business aims.
A recent Information Security Forum report found that most organizations don't feel their threat intelligence capabilities meet their business aims.

While 82 percent of Information Security Forum (ISF) members recently surveyed say they have threat intelligence capability and the remaining 18 percent plan to do so within the next year, only 25 percent believe that capability is delivering on its business aims, according to a Threat Intelligence report released Thursday by the ISF.

The survey reveals the struggles faced by organizations trying to understand and incorporate threat intelligence capabilities to better manage risk. Hampered by the fact that there is no common understanding of threat intelligence (90 percent said they'd benefit from one), most find it difficult to find the skilled workers needed to operate and manage their threat intelligence capability. In fact, a mere eight percent said they can find the skills they need with the most glaring gaps being in identifying business implications and doing analysis, according to the report.

Only 32 percent actually have a formal process for managing threat intelligence initiatives and a tiny group – seven percent – said they've “achieved considerable integration” of that capability into their decision-making process.

Overall, those surveyed are roundly at a loss as to how organizational structures, outsourcing, collaboration, technology use and other practical considerations impact threat intelligence efforts, the report found.

To tackle threat intelligence head on, the ISF recommended that organizations:

1)      Develop a prioritized set of threat intelligence requirements that can be used to efficiently drive their intelligence production efforts.

2)      Identify and select sources that they need to support analysis within those requirements.

3)      Collect and reveal information from the sources chosen.

4)      Process information gathered so that it can be analyzed.

5)      Produce threat intelligence by analyzing collected information and which meets established requirements.

6)      Communicate information – clearly and concisely – to users.

7)      Make decisions based on threat intelligence integrated into the decisionmaking process.

8)      Take action – or, ISF says, “deliberate inaction” – to implement those decisions.

9)      Review and improve threat intelligence capabilities via the intelligence cycle and its various steps.