Cyber threat intelligence: Perception and use
Most companies believe threat intelligence is essential for a well-rounded cybersecurity defense and has proven effective in stopping security incidents, according to a survey by Webroot and the Ponemon Institute. However, improvements are necessary to make threat intelligence more timely, accurate and actionable in order to strengthen an organization’s security posture.
Key findings include:
- 40% of companies surveyed had a material security breach in the past 24 months, and 80% believe if they’d had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack
- Current cyber defense practices are not considered effective; only 36% of respondents rate their company’s defense as strong
- Almost half of respondents are increasing the amount of intelligence data they receive to prevent or mitigate the consequences of an attack
- 56% say intelligence becomes stale within seconds or minutes, and indicate that the more valuable features of a threat intelligence solution are the ability to implement intelligence and gauge the trustworthiness of the source in real time
- 49% use “fee-based” sources of intelligence, stating free sources are inadequate for comprehensive threat analysis, making it more difficult to prioritize threats
- In the next two years, one-third of respondents will increase their threat intelligence budget significantly.
The new survey features perspectives from 693 IT and IT security professionals in the U.S., with sixty-one percent of respondents in the Fortune 1,000, Global 2,000 and the Forbes List of the Largest Private Companies. It concluded that companies see the potential benefits and importance of having cyber threat intelligence.
However, participants are wary of the reliability of this intelligence, as well as its ability to be actionable. Further, respondents are also dissatisfied with perceived threat intelligence deficiencies, such as a surplus of alerts and false positives that make it difficult to respond to breaches.
“While the report found that spending on threat intelligence is expected to increase in the next two years, these resources do not necessarily translate to greater security, and it is critical that the information be timely, accurate and actionable to be effective,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The results of the study indicate that, while some companies have figured out how to leverage threat intelligence into a viable enterprise security defense, many more have not. But, given the rapidly changing threat landscape, we expect threat intelligence to evolve to the point that it will become a key component of IT security.”