Threat intelligence: The biggest blind spot for CISOs

More than 90 percent of CISOs rely on outdated, report-based threat intelligence that is often too old to inform decisions, according to Cybersixgill.

The survey also found that 77 percent of CISOs said that metrics related to the efficiency of incident response and response bottlenecks were key performance indicators.

The survey of 150 CISOs at firms with at least 10,000 employees or $1 billion in revenue was conducted by Global Surveyz in February and March 2021 to foster a better understanding of the state of threat intelligence, and the focus that today’s companies are placing on these vital technologies.

The report showed that executives are acutely aware of their blind spots, because the tools that offer better visibility also impact the metrics on which they are judged by boards and CEOs.

“Threat intelligence is quickly becoming the epicenter of key cybersecurity programs including vulnerability management, yet one in three CISOs identifies threat intelligence and one out of five identifies vulnerability management as their biggest blindspots,” said Meira Primes, CMO, Cybersixgill.

“Boards should encourage CISOs and their teams to explore new approaches, such as agile threat intelligence, to tackle these challenges more effectively.”

CISOs common concerns

• 59 percent of CISOs believe that quantifying risk and balancing risks against costs is a chief concern among boards of directors
• Internal factors, such as the ability to comply with regulations and professional knowledge gaps, rank among the most common concerns for CISOs, at 60 percent and 41 percent, while 39 percent of respondents said hackers were a chief concern
• 85 percent of respondents oversaw cybersecurity budgets of $1 million, while 56 percent oversaw budgets of $2 million
• 97 percent said they expected their cybersecurity teams would grow in 2021. Most said they would grow by less than 10 percent, but seven percent said they would grow by more than 20 percent.

Despite massive changes in business operations and security priorities over the past year, CISOs noted that their biggest knowledge gaps were around threat intelligence processing (37 percent) and vulnerability management (21 percent). Only 11 percent of CISOs admitted COVID-19 related knowledge gaps were their largest concern.

“This research clearly depicts the concerns and priorities of CISOs at some of the largest companies in the world,“ continued Meira. “What we found is that there is a consistent need for enterprises to adopt automated, iterative, and continuous intelligence-driven processes in order to evolve and meet today’s security challenges.”