Cyberthreat intelligence (CTI) involves the collection, evaluation, verification and distribution of information about ongoing and emerging cyberthreats and attacks against network assets and infrastructure. It is becoming increasingly difficult and costly for organisations to defend against cyberattacks on their own, with more companies reaching out to their peers and other sources for threat intelligence data.
Here, Ashraf Sheet, Regional Director, Middle East and Africa at Infoblox, offers seven cyberintelligence insights from the Ponemon Institute’s third annual study on ‘Exchanging Cyber Threat Intelligence: There Has to Be a Better Way’, which surveyed 1,200 IT and cybersecurity practitioners in EMEA and the US.
- The #1 barrier to effective threat intelligence is internal silos among IT departments and lines of business. This finding indicates the importance of a centralised program and tools to make exchange of threat intelligence easier.
- A total of 60% of enterprises report that their threat intelligence goes stale within minutes. Lack of timeliness makes threat intelligence irrelevant. Only 9% of organisations say they receive threat intelligence in near real time.
- A total of 45% of enterprises investigate cyberthreats manually. This high percentage of manual cyberthreat investigations may contribute to the dissatisfaction with the quality of threat intelligence they’re obtaining. Manual threat investigation leads to slower incident response.
- Only 31% of organisations say their threat intelligence is actionable. This means that their CTI does not provide enough context for it to be actionable, making it ineffective for security operations.
- A total of 59% of enterprises report that their threat intelligence goes stale within minutes. Lack of timeliness makes threat intelligence irrelevant. Only 9% of organisations say they receive threat intelligence in near real time.
- Only 35% of organisations say their cyberthreat intelligence is accurate. Lack of accuracy of CTI is among the top three complaints of enterprises about their threat intelligence data. Working with inaccurate data makes it difficult for any team to make the right decisions.
- A total of 60% of enterprises are only somewhat satisfied or not satisfied with their cyberthreat intelligence. Despite the increase in the exchange and use of threat intelligence, most survey respondents are not satisfied with it. The inability to be actionable, timely and accurate are the most common complaints about their CTI.
There is a better way
Organisations worldwide must foster integrated cybersecurity solutions that enable teams to automate, consolidate and coordinate the sharing of up-to-date threat intelligence in order to detect cyberthreats earlier and remediate them faster and more comprehensively.