A new Ponemon Institute survey included more than 700 IT and IT security pros, across businesses and government agencies with an average of 12,000 employees, who answered more than three-dozen questions around threat intelligence sharing.
The participants overwhelmingly answered that exchanging threat intelligence could have prevented recent cyberattacks and the traditional ways of sharing threat intelligence are insufficient.
“What was clear in our findings is that businesses and government agencies know that exchanging cyber threat intelligence will help secure the Internet more so than any other method or technology,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Yet what is really confounding is that while most of the people participating in the survey are clearly sharing cyberattack information, they know they aren’t doing it correctly or effectively.”
Other key findings in the survey include:
- Only 30 percent of respondents said they are very satisfied or satisfied in the way their organization is able to obtain threat intelligence. The primary reasons for dissatisfaction include the information is not timely, not categorized according to threat type or attacker and too complicated to ensure ease and speed of use.
- Despite 69 percent of respondents saying threat intelligence becomes stale within seconds or minutes, more than half said they receive information in increments of days, weeks or even months.
- Fifty-four percent of survey participants said they receive threat intelligence by phone, email or in-person. But they noted that current methods for sharing intelligence are slow, unreliable and unsecure.
- Sixty-two percent said current collaboration efforts are constrained by operating in a silo—such as by industry, geography or community.
- Sixty-seven percent of respondents approve of a real-time machine-to-machine way to exchange intelligence.
“This survey reinforced what we’ve been talking about for years; security experts know they need to share but they are largely stuck with legacy ways of sharing, like email and other unsecure methods within limited communities, that are hindering their effectiveness,” said IID President and CTO Rod Rasmussen.
“As an industry, we must find ways to encourage more machine-to-machine sharing and break out of the existing silos, or the bad guys will continue to beat us with their more effective and broader methods of exchanging intelligence,” Rasmussen added.