sb-as logo
Story image

Cyber threat intelligence reaching maturity in organisations worldwide

07 Jul 2020

Cyber threat intelligence is reaching a state of maturity and integration in organisations across the globe, according to a survey by the SANS Institute and sponsored by ThreatQuotient.

The 2020 SANS Cyber Threat Intelligence survey polled 1006 respondents, of whom 40.4% (406) had operations in APAC and 27.3% (275) in Australia & New Zealand.

The survey indicates that local organisations are investing more in cyber threat intelligence (CTI) programmes, with 49% of respondents stating they have a formal, dedicated team that focuses specifically on CTI.

Furthermore, 26.2% say CTI is part of a shared responsibility, and 8.8% say they have a single, dedicated person. Further down the scale, 7.1% plan to assign a person, 5.2% have no plans to assign a person, and 3.2% do not know.

Organisations are using CTI for three main use cases: threat detection (89%), followed by threat prevention (77%), threat response (72%) and threat mitigation (59%). Just under half (44%) of respondents say they have clearly defined threat intelligence requirements. 

“Organisations can use those requirements to set obtainable goals based on the intent behind the requirement. When looking at security and response use cases, these measurements can be mapped to overall defender-based metrics instead of simply tracking adversary metrics,” the report states.

Many organisations are using CTI specialist vendors for gathering intelligence, according to 68.9% of respondents. Others are members of information sharing and analysis centres (ISACs), in which organisations access timely and relevant threat information, as well as the ability to network with other organisations.

Respondents also rated their satisfaction areas in several key areas. Respondents are most satisfied with their ability to have visibility into threats (75%), search and report on those threats (73%) and have relevant threat data and information (72%).

Additionally, more than 40% of organisations say they both produce and consume threat intelligence data.

Organisations are facing common roadblocks such as skills gaps, automation, and a lack of ways to measure effectiveness.

According to the survey, 57% of respondents report a lack of trained staff and skills associated with fully utilising CTI. The next leading issue at 52% was the time to implement proper intelligence processes across the team.

Organisations are slow to adopt automation, with most tasks either manual or semi-automated. More complex activities, such as reverse-engineering samples are a manual undertaking for 48% of respondents.

Furthermore, 4% of respondents had processes in place to measure the effectiveness of CTI, enabling to set obtainable goals based on their requirements.

Story image
Five Eyes nations want legal access to backdoors to fight 'illegal content'
The nations argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation. More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Report: Power utilities increasingly at risk of devastating cyber-attacks
“Utilities’ existing systems are becoming increasingly connected through sensors and networks, and, due to their dispersed nature, are even more difficult to control.”More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More