CISOs call for operational threat intelligence integration

98% of CISOs face challenges when using threat intelligence, according to Trellix. The biggest problems are keeping up with changing threats, integration difficulties, and regulatory rules.


As a result, threat intelligence defaults to a reactive function within a workstream, rather than an embedded, proactive strategy to build resilience, accelerate response, and stay ahead of threats.

“Global threat detection volume from APT actors rose 45% at the beginning of this year, and CISOs are now tasked with staying ahead of these adversaries who are becoming more organized, well-resourced, and faster, partially due to the growing use of AI,” said John Fokker, Head of Threat Intelligence, Trellix.

“Moving beyond a traditional tactical approach to utilizing operational threat intelligence allows CISOs to better understand the behaviors and objectives of threat actors, anticipate potential threats, and proactively prepare defense strategies,” Fokker continued.

The impact of nation-state threats

CISOs are focused on addressing nation-state threats, with 89% asked about these threats by their CEO and/or the board, further impacting their cybersecurity strategy and budget. The majority report their organization’s cybersecurity budget (85%) and cybersecurity strategy (87%) are influenced by the volume of nation-state threats.

Shifting threat intelligence from tactical to operational

94% of CISOs agree threat intelligence is essential for identifying and mitigating emerging cybersecurity threats. Still, the majority report their organizations’ approaches to collecting, analyzing, incorporating, and monitoring threat intelligence require significant improvements or a complete overhaul.

Organizations with a proactive approach to threat intelligence are more likely to use advanced threat detection technologies over the next 12 months, highlighting how a forward-leaning approach impacts technology decisions and, in turn, resilience. This further underscores the need to move beyond a reactive approach with siloed applications of threat intelligence.

Driving threat defense with AI and automation

33% of CISOs agree AI-driven analytics would help them perform their responsibilities more effectively, and 37% say the same of increased levels of automation, with 28% reporting that limited automation makes it difficult to integrate tools into their threat intelligence programs. This highlights the importance of AI and automation investments in optimizing cyber response strategies.

The value of peer communities

Most CISOs agree that being part of a threat intelligence sharing community helps them better prepare for threats. They also believe that a strong CISO network allows security leaders to make better decisions by sharing insights and experiences. As the role becomes more complex, peer collaboration is essential for success.

Operational threat intelligence in practice

Organizations leverage operational intelligence to understand the broader context of cyber attacks, like threat actor motivations and methods being used. This enables security teams to anticipate and prepare for specific types of attacks, which is why adopting threat intelligence as a strategic capability is important.

With 60% of organizations yet to integrate threat intelligence into their wider cybersecurity strategy, the time for action is now if organizations are to keep pace with nefarious actors and limit risk.

Commitment is needed across the industry to close the threat intelligence gap. CISOs must move beyond reactive threat intelligence to strategically position it within their cybersecurity playbooks, and to do so, they’ve asked for more integrated systems, innovative tooling, and stronger community collaboration.

Organizations must support their CISOs and prioritize these investments to maintain resilience and reduce risk. Policymakers should look to modernize intelligence sharing frameworks, deepen public-private sector collaboration, and accelerate AI adoption in national cyber infrastructures.
