Cyber threat intelligence (CTI) involves the collection, evaluation, verification and distribution of information about ongoing and emerging cyber threats and attacks against network assets and infrastructure. It is becoming increasingly difficult and costly for organizations to defend against cyberattacks on their own. More companies are reaching out to their peers and to other sources for threat intelligence data.
Below are seven Cyber Intelligence insights from the Ponemon Institute’s Third Annual Study on ‘Exchanging Cyber Threat Intelligence: There Has to Be a Better Way’. 1200 IT and cybersecurity practitioners were surveyed in the EMEA and US.
The #1 barrier to effective threat intelligence is internal silos among IT departments and lines of business. This finding indicates the importance of a centralized program and tools to make exchange of threat intelligence easier.
60% of enterprises report that their threat intelligence goes stale within minutes. Lack of timeliness makes threat intelligence irrelevant. Only 9% of organizations say they receive threat intelligence in near real time.
45% of enterprises investigate cyber threats manually. This high percentage of manual cyber threat investigation may contribute to the dissatisfaction with the quality of threat intelligence they’re obtaining. Manual threat investigation leads to slower incident response.
Only 31% of organizations say their threat intelligence is actionable. This means that their CTI does not provide enough context for it to be actionable, making it ineffective for security operations.
59% of enterprises report that their threat intelligence goes stale within minutes. Lack of timeliness makes threat intelligence irrelevant. Only 9% of organizations say they receive threat intelligence in near real time.
Only 35% of organizations say their cyber threat intelligence is accurate. Lack of accuracy of CTI is among the top three complaints of enterprises about their threat intelligence data. Working with inaccurate data makes it difficult for any team to make the right decisions.
60% of enterprises are only somewhat satisfied or not satisfied with their cyber threat intelligence. Despite the increase in the exchange and use of threat intelligence, most survey respondents are not satisfied with it. The inability to be actionable, timely and accurate are the most common complaints about their CTI.
There Is a Better Way
Organizations worldwide must foster integrated cybersecurity solutions that enable teams to automate, consolidate, and coordinate the sharing of up-to-date threat intelligence in order to detect cyber threats earlier and remediate them faster and more comprehensively.