Threat intelligence has become the gold standard for 21st century cybersecurity. Without it, organizations fly blindly about in the dark for clues and signals hinting at the adversary’s next move – like piecing together a giant jigsaw puzzle in a pitch-black room. But with threat intelligence, they get front-row access to observe what the threat actors are capable of, how much they know, and when and where they plan to infiltrate.
That’s the goal, at least. But do organizations feel like they’re getting the full value out of their threat intelligence programs and tools?
It depends on who you ask. Some respondents to a recent CyberRisk Alliance (CRA) survey credit threat intelligence with helping their organizations become “more proactive and vigilant.” Others praise it for “granting levels of insight and visibility that we never had before,” along with a “better understanding of attackers” and “knowing what to look for.”
But not everyone feels the same. One respondent said their team was “overwhelmed by constant phishing scams and social engineering hacks.” Others said they were bruised by failures in managing third-party risk. And a majority of those surveyed said budget and staffing levels are not sufficient to deal with the escalating cyber threats.
The prevailing view was that organizations must adapt to this new climate – either by automating threat detection and data collection, investing in a threat intelligence vendor, offering their staffs more training, or finding more efficient means to integrate threat intelligence tools and data across the enterprise.
The data and insights in this CRA report are based on an online survey conducted in June 2023 among 210 security and IT leaders and executives, practitioners, administrators, and compliance professionals in North America from CRA’s Business Intelligence research panel.
Here are the most important findings from the survey:
- Threat intelligence has largely become geared toward improving incident response and internal awareness.
Sixty-five percent of respondents say threat data gets used to improve incident response, versus 50% who say it is used to inform proactive threat hunting. Security teams primarily collect threat data from internal network traffic, versus external sources like the dark web.
- Respondents desire automated threat intelligence that can anticipate and take immediate action on threats.
Fifty-six percent say automated threat detection and response merits must-have status. Having an early warning feed of the newest attacks (80%) and actionable reporting with relevant context (78%) are broadly seen as indispensable features to any threat intelligence program.
- Threat intelligence helps inform proactive policies and updating of threat models.
Threat intelligence “helps us develop proactive defense strategies to prevent attacks before they occur,” said one respondent. Many others credited threat intelligence with raising awareness of vulnerabilities and blind spots requiring attention.
- Cybersecurity pros report challenges updating their playbooks to address new threats.
Many respondents report challenges when it comes to integrating various security products and data feeds. This results in data that’s frequently unreliable, incomplete, or low-quality.
The CRA report also reports on the biggest challenges facing the education, manufacturing, health care, and technology sectors. Responses ranged from working more closely with teachers to get them to better understand the threats and gaining more expertise in how to work with IoT edge devices in the manufacturing sector.