How to Use Threat Intelligence Intelligently
-
How to Use Threat Intelligence Intelligently
The smart use of intelligence sharing could minimize the impact of cyber-attacks, but a lack of trust often inhibits organizations from benefiting from intelligence sharing. -
Smart Use of Threat Intelligence
64% of respondents said they believe threat intelligence could have prevented or minimized consequences of cyber-attacks they experienced in the last 24 months. In 2014, the percent was 61%. -
Exchanging Threat Intelligence Makes Sense
75% of respondents believe exchanging threat intelligence improves their security posture. 63% say it's good for the United States' critical infrastructure. -
Timeliness of Threat Intelligence Is Key
Timeliness makes threat intelligence the most actionable. Next comes the ability to prioritize and the trustworthiness of the source. -
Shelf-Life of Threat Intelligence
Although 89% of respondents believe threat intelligence has a shelf-life of hours or less, 79% refresh their data in daily or longer increments. -
Free Sources Are Biggest Threat Intelligence Source
The biggest source of threat intelligence is resources, yet 46% of respondents say they cannot prioritize threats. 39% have no confidence in free sources and 35% also say these resources offer no context. -
Liability Stymies Exchange of Threat Intelligence
The main inhibitors for exchanging threat intelligence are liability issues, lack of trust in sources and lack of resources. -
Movement Toward Centralized Program, Dedicated Team
Silos are a major barrier to effective collaboration. Centralizing control over the exchange of threat intelligence is rising and might address the silo problem. -
How Organizations Exchange Threat Intelligence
65% of respondents say intelligence is most often shared through informal peer-to-peer exchanges, an increase from 57% in last year's study. Use of vendor threat exchange services has decreased year-over-year from 53% to 45% of respondents who rely on vendors. -
Exchange Really Means Exchange
More respondents use and provide threat intelligence, in nearly equal proportion, compared to last year—42% versus 36%. -
Main Sources of Threat Intelligence
The main sources of threat intelligence continue to be IT security vendors and peers in other companies. Law enforcement and government officials as sources remain low and have even decreased since last year. -
How Threat Intelligence Is Received
63% of respondents receive threat intelligence through data feeds, 59% get it through peer group discussion on the phone, email or in person. 51% get it from threat advisories.
A new survey finds 47 percent of companies and government agencies have been breached since 2013 and that cyber-intelligence could have prevented (or minimized) the consequences of those attacks. The survey was sponsored by IID and conducted by the Ponemon Institute. "The amount of large organizations that have been breached online is eye-opening, but what is equally interesting is the fact that IT and security professionals know what they need to stop the cyber-attacks yet they are not doing so," said IID vice president of marketing, Mark Foege. "We must continue to work together as an industry to make threat intelligence as timely, relevant and actionable as possible, or else the bad guys will continue to infiltrate large businesses and governments worldwide." The second annual survey polled 692 IT and IT security professionals from global businesses and government agencies. They answered more than three dozen questions about threat intelligence sharing. Most organizations have more than 1,000 employees and are in the financial services, public sector and health and pharmaceuticals industries.