Survey: Widening gap between threat intelligence capabilities and needs
Published 4 March 2021
While concerns about cybersecurity have risen, threat intelligence capabilities are still lagging behind, according to a new report by Cybersixgill, a specialist in threat intelligence enablement, and Dark Reading, a cybersecurity news site.
The 2021 State of Threat Intelligence report found that deep and dark web threat intelligence is gaining traction across the cybersecurity industry. The dark web refers to sites that are not accessible via public search and that often make up the criminal underground.
However, many in the industry are struggling with a lack of expertise in deep and dark web intelligence collection, the importance of intel freshness, the speed and rate of collection, and the overall impact of these on an organisation’s cybersecurity programs and posture.
77 per cent of organisations have at least one dedicated threat intelligence analyst, and 54 per cent have more than five. Yet an overwhelming 48 per cent of organisations struggle with inaccurate data and 46 per cent with stale data.
More than half state they do not have access to closed and invite-only forums, and nearly a third said they do not receive threat intelligence from deep and dark web sources.
“The deep and dark web is the world’s third-largest economy after the US and China. In other words, if you’re a cybercriminal – you have to be there,” said Meira Primes, CMO of Cybersixgill.
“Organizations are drowning in irrelevant data, false positives, and lack of ‘big picture’ understanding. Those who fail to adapt and act accordingly will not be able to advance their cyber defense strategy and protect their organization against cyber threats,” she added.
The report surveyed 106 cybersecurity executives at large enterprises, covering various aspects of threat intelligence from common use-cases to operational challenges.
Additional findings include:
1. Multiple breaches: 25 per cent of organisations have experienced six or more security breaches in the previous 12 months.
2. Long time to action: 35 per cent of organisations say it takes 12 hours or more to supplement new threat intelligence data with enough research to begin escalating and remediating incidents.
3. Drowning in data: 35 per cent of organisations use seven or more threat feeds at a time.
4. Time wasted on false positives: 95 per cent of organisations waste anywhere from one hour to five days per week per analyst on false positives.
5. Obsolete data impacting almost half of organisations: 48 per cent of organisations struggle with inaccurate threat intelligence data and 46 per cent with stale data.
6. Lack of context: 40 per cent of organisations cite lack of context as the biggest source of dissatisfaction in threat intelligence.
The report suggests that cybersecurity professionals need to shift the way they approach threat intelligence.
One way of doing so is to implement a modern methodology that includes automating the collection, analysis, research, and response in order to minimize the amount of manual labor it takes to truly operationalise threat intelligence.
In addition, the report recommends a set of baseline criteria for enterprises evaluating threat intelligence feeds. Intelligence, the research shows, should be continuous, iterative, contextual, and operationally integrative.