Unveiling the key findings of the SANS Institute 2024 Cyberthreat Intelligence Survey

Unveiling the key findings of the SANS Institute 2024 Cyberthreat Intelligence Survey

Survey reveals critical trends in geopolitical impact, Artificial Intelligence (AI) adoption and threat hunting within CTI teams.

SANS Institute, a global leader in cybersecurity training, has published the 2024 Cyberthreat Intelligence (CTI) Survey, authored by renowned cybersecurity experts, SANS Certified Instructor Rebekah Brown and SANS Instructor Candidate Andreas Sfakianakis. With a dramatic rise in covert activities, cloud breaches and AI-driven attacks, the insights from this survey are vital for CISOs, CIOs and security professionals looking to stay ahead of adversaries. Understanding the latest trends and preparing for emerging threats can help organisations protect their digital assets and maintain trust with customers and stakeholders​.

SANS Certified Instructor, Rebekah Brown

As cyberthreats continue to evolve in complexity and sophistication, this year’s survey highlights pivotal insights that are essential for organisations aiming to bolster their defences with groundbreaking insights into the evolving threat landscape, with a focus on the significant influence of geopolitical events, the burgeoning role of Artificial Intelligence and the emerging dominance of threat hunting within CTI teams.

Geopolitical and regulatory influences

Geopolitics and new regulations are profoundly shaping CTI team activities. “The increasing frequency and complexity of global conflicts have made it essential for CTI teams to broaden their focus beyond internal issues,” said Brown. “Our survey shows that 77.5% of respondents recognise the significant impact of geopolitics on their intelligence requirements, highlighting the need for adaptive and informed responses to external threats.” Additionally, 74% of respondents emphasise the importance of adapting to new regulations, underscoring the necessity for CTI teams to stay compliant with evolving legal landscapes.

Rise of threat hunting

For the first time, threat hunting has emerged as the top use case for CTI. This proactive approach to detecting unidentified threats has seen substantial reliance on the MITRE ATT&CK framework, with over 95% of respondents utilising it for categorizing and communicating tactics, techniques and procedures (TTPs). “The prominence of threat hunting reflects a strategic shift in how organisations are leveraging CTI,” Sfakianakis noted. “This approach not only enhances detection capabilities but also strengthens overall security posture.”

SANS Instructor Candidate, Andreas Sfakianakis

Impact of Artificial Intelligence

AI is making significant inroads in CTI, with nearly one-quarter of respondents already leveraging AI in their programs and another 38% planning to adopt it. “Artificial Intelligence is becoming a crucial tool for CTI teams, helping analysts prioritise and process vast amounts of information through advanced scoring and summarization techniques,” said Brown. However, she also highlighted the growing concern about the adversarial use of AI, stressing the importance of preparing for AI-driven threats.

Integration via Threat Intelligence Platforms (TIPs)

The survey highlights the critical role of Threat Intelligence Platforms (TIPs) in integrating CTI into the security stack. A notable 58% of participants reported incorporating CTI into their detection and response controls through TIPs’ built-in integration capabilities. “The mature state of TIPs demonstrates their effectiveness in disseminating threat intelligence across security tools, enhancing the overall efficiency of CTI programs,” Sfakianakis explained.

CTI in vulnerability management

The role of CTI in vulnerability management has seen a significant increase, with 66% of respondents now using CTI to pinpoint actively exploited vulnerabilities. This marks a rise from 54% in 2017, demonstrating CTI’s pivotal role in prioritising patches and supporting vulnerability remediation efforts. “Our findings highlight the growing reliance on CTI for operational purposes in vulnerability management, with 83% of respondents considering it essential for identifying and addressing critical vulnerabilities,” Brown said.

Browse our latest issue

Intelligent CISO

View Magazine Archive