Raw threat data is not effective, it’s time for threat intelligence

A new Ponemon Institute survey includes insight from 692 IT and IT security professionals from both global businesses and government agencies, who answered more than three-dozen questions around threat intelligence sharing. The majority of organizations where those employees work have more than 1,000 employees.


When asked, “Did your company have a material security breach in the past 24 months?” 47 percent of those surveyed said yes. Survey participants also asserted that threat intelligence, meaning information that has been analyzed and refined so that it is useful in hindering cyberthreats, could have prevented those cyberattacks.

Specifically, 65 percent said that they believed threat intelligence could have prevented or minimized the consequences of a cyberattack they had suffered in the last 24 months. When asked the same question in the 2014 survey, 61 percent said yes.

“It is becoming more and more apparent that raw threat data is not effective. Just like the bad guys share ways to carry out their attacks, organizations must also share actionable and timely ways to stop threats,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “It is also clear that it is impossible for one organization to harvest that threat intelligence on their own as evidenced by the fact that 83 percent of people we surveyed exchange threat intelligence.”

Other key findings in the survey include:

Exchanging threat intelligence is imperative and good for the U.S.
Seventy-five percent of respondents believe exchanging threat intelligence improves their organization’s security posture and 63 percent say it’s good for the United States’ critical infrastructure.

Timeliness is the most important threat intelligence quality
Respondents said timeliness makes threat intelligence the most actionable, followed by the ability to prioritize and the trustworthiness of the source. Despite 89 percent believing threat intelligence has a shelf life of hours or less, 79 percent refresh their data at intervals of a day or longer.

Most using free sources, but not confident in data
The biggest source of threat intelligence is free sources. Yet 46 percent say they cannot prioritize threats with free sources, 39 percent say they have no confidence in them and 35 percent say they have no context with them.

Issues are still stopping the exchange of threat intelligence
The main inhibitors for exchanging threat intelligence are potential liability issues, lack of trust in sources and lack of resources.
