COVID-19 pandemic propels uptake of cyber threat intelligence
The COVID-19 pandemic is pushing organisations of all sizes to up their security game, for one implementing Cyber threat intelligence (CTI) programmes.
This is according to new data from the 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient.
It reveals how cyber threat intelligence (CTI) has grown and matured in the past year, highlighting a clear uplift in CTIs adoption and perceived value.
Due to the increased likelihood of cyber attacks, organisations of all sizes with operations in Australia and New Zealand, and Asia, are increasingly looking to implement CTI programmes to build a proactive defence posture and for their response teams to stay one step ahead of adversaries, the data shows.
Key findings include the impact of remote and hybrid work setups, the value for SMEs, the benefits of community and government intel, and the power of automation.
Remote working impacts CTI programmes
Impact of WFH: 20% of respondents said the mass move to WFH and sharp rise in COVID-related phishing and ransomware attacks forced their organisation to get proactive in their cyber response as adversaries took advantage of the disruption and increased attack surface.
Increased attack surface: Respondents identified WFH threats such as phishing, lost or stolen devices, home networking equipment, malware, accidental release of sensitive data information, and employees having unauthorised access to business assets, as playing a big part in how their implementation of CTI changed.
This effectively expanded the attack surface of organisations, with employees leaving the confines of their organisations cyber protections.
Impact of working remotely: Responses revealed that remote working helped teams be more focused and collaborative, while the use of text-based platforms helped facilitate communication between teams.
Some respondents identified the loss of face-to-face conversations inhibited sharing between teams.
Organisations also reported an increase in awareness of how the pandemic impacted their employees, fostering an understanding that while many enjoyed working from home, CTI analysts found it difficult to shut down and take breaks when the office is your home.
SMEs increasingly see value from CTI
CTI no longer for the top 1% of organisations: 24% of respondents work in organisations with under 500 employees and 47% in companies of less than 5,000 employees across cybersecurity, banking and finance, government and technology the leading industries.
CTI provides relevant threat intel: When asked about the usefulness of CTI, 63% of respondents said CTI provided them with timely and relevant threat information about adversary groups in their industry and location, while 50.7% said CTI provided them with information about who the threat actors are or who performed the attach (true attribution), up 2.7% from the previous years survey.
CTI Improves response capabilities: 77% said CTI improved their detection and response capabilities, 78% labelled CTI data and information as being leveraged to detect threats and attacks, with 70% using CTI in helping to block threats and 66% for supporting their incident response.
Measuring CTI effectiveness becomes more important: 38% of respondents said they measured effectiveness, up from 4% in 2020, showing how the value of CTI functions is continuing in organisations of all sizes.
Intel sharing provides greater value
Community-focused intel sharing: Almost 50% of respondents said they are a part of an ISAC or other government intel sharing group since last year.
Security practitioners see the value in interacting with ISACs with 48.3% of respondents saying they interact and/or their organisation is a member of one.
Government intel sharing sees value: 61% of respondents reported they utilised government CTI, almost half of those respondents (49%) said they find this intel valuable providing insight they do not get from other open source or commercial sources.
ISAC membership provides value: The survey revealed increases in three specific areas in intel sharing: advocacy in the community for security (50%), member meetups and events (50%), and training & conferences (47%).
Automation empowers analysts and teams
Automation increases efficiency: 65% of respondents reported they were overall satisfied with the automation and integration of CTI information with detection and response systems, an increase on the 2020 surveys 62%.
Lack of trained personnel inhibits effective CTI implementation: The importance of automation is further compounded by the shortage in trained staff, which continues to be one of the biggest obstacles to the implementation of CTI, according to 53% of respondents.
In-house cyber response teams increase: The trend toward hybrid-model teams over the past 5 years has shifted back, with organisations taking charge in the management of their CTI functions, with in-house teams growing 5% from 2020 to 37%, and hybrid models decreasing 5% from 2020, to 56% in 2020.
ThreatQuotient APJC regional director Anthony Stitt says, “The 2021 SANS Cyber Threat Intelligence survey offers strong evidence that CTI is increasing in adoption and is proving its value to a greater number of organisations of all sizes.
"When threat intelligence is effectively collected, integrated, automated, prioritised and shared between analysts and wider stakeholders, organisations become more agile and effective at addressing the threats they face.
"Now, more than ever, the uncertain cyber and physical environment and new threats emerging out of the disruption of COVID-19 pandemic mean that intelligence analysts need to share best practice data and strategies to overcome threats.”