A new report, 'Importance of Cyber Threat Intelligence to a Strong Security Posture', reveals a greater reliance on threat intelligence as a viable enterprise cybersecurity defence.
Commissioned by Webroot, the Cloud-based, real-time internet threat detection solutions provider, and in partnership with the Ponemon Institute, the study indicates that most companies believe threat intelligence is essential for a well-rounded cybersecurity defence and has proven effective in stopping security incidents. However, improvements are necessary to make threat intelligence more timely, accurate and actionable in order to strengthen an organisation's security posture.
Key findings from the Cyber Threat Intelligence Study include:
- 40% of companies surveyed had a material security breach in the past 24 months, and 80% believe if they'd had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack
- Current cyber defence practices are not considered effective; only 36% of respondents rate their company's defence as strong
- Almost half of respondents are increasing the amount of intelligence data they receive to prevent or mitigate the consequences of an attack
- 56% say intelligence becomes stale within seconds or minutes, and indicate that the more valuable features of a threat intelligence solution are the ability to implement intelligence and gauge the trustworthiness of the source in real time
- 49% use 'fee-based' sources of intelligence, stating free sources are inadequate for comprehensive threat analysis, making it more difficult to prioritize threats
- In the next two years, one-third of respondents will increase their threat intelligence budget significantly
The new survey features perspectives from 693 IT and IT security professionals in the U.S., with sixty-one percent of respondents in the Fortune 1,000, Global 2,000 and the Forbes List of the Largest Private Companies. It concluded that companies see the potential benefits and importance of having cyber threat intelligence. However, participants are wary of the reliability of this intelligence, as well as its ability to be actionable. Further, respondents are also dissatisfied with perceived threat intelligence deficiencies, such as a surplus of alerts and false positives that make it difficult to respond to breaches.
"While the report found that spending on threat intelligence is expected to increase in the next two years, these resources do not necessarily translate to greater security, and it is critical that the information be timely, accurate and actionable to be effective," said Larry Ponemon, chairman and founder of Ponemon Institute. "The results of the study indicate that, while some companies have figured out how to leverage threat intelligence into a viable enterprise security defence, many more have not. But, given the rapidly changing threat landscape, we expect threat intelligence to evolve to the point that it will become a key component of IT security."
"Businesses are struggling to identify and stop new web threats because they must assess the risk of more unknown objects than before and the rate of change across the threat landscape is faster than their traditional security technologies can keep up with," said Patrick Kennedy, vice president of enterprise marketing at Webroot. "The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks."
What can organisations do?
To achieve a stronger security posture, organisations should consider integrating real-time threat intelligence into their security infrastructure in order to more quickly assess the risk of unknown IPs, URLs, files and mobile apps before they enter the IT environment. Combining this with experienced staff and appropriate incident response processes will increase an organization's ability to minimise or prevent serious security incidents.