Cyber threat intelligence reaching maturity in organisations worldwide
Cyber threat intelligence is reaching a state of maturity and integration in organisations across the globe, according to a survey by the SANS Institute and sponsored by ThreatQuotient.
The 2020 SANS Cyber Threat Intelligence survey polled 1006 respondents, of whom 40.4% (406) had operations in APAC and 27.3% (275) in Australia & New Zealand.
The survey indicates that local organisations are investing more in cyber threat intelligence (CTI) programmes, with 49% of respondents stating they have a formal, dedicated team that focuses specifically on CTI.
Furthermore, 26.2% say CTI is part of a shared responsibility, and 8.8% say they have a single, dedicated person. Further down the scale, 7.1% plan to assign a person, 5.2% have no plans to assign a person, and 3.2% do not know.
Organisations are using CTI for three main use cases: threat detection (89%), followed by threat prevention (77%), threat response (72%) and threat mitigation (59%). Just under half (44%) of respondents say they have clearly defined threat intelligence requirements.
“Organisations can use those requirements to set obtainable goals based on the intent behind the requirement. When looking at security and response use cases, these measurements can be mapped to overall defender-based metrics instead of simply tracking adversary metrics,” the report states.
Many organisations are using CTI specialist vendors for gathering intelligence, according to 68.9% of respondents. Others are members of information sharing and analysis centres (ISACs), in which organisations access timely and relevant threat information, as well as the ability to network with other organisations.
Respondents also rated their satisfaction areas in several key areas. Respondents are most satisfied with their ability to have visibility into threats (75%), search and report on those threats (73%) and have relevant threat data and information (72%).
Additionally, more than 40% of organisations say they both produce and consume threat intelligence data.
Organisations are facing common roadblocks such as skills gaps, automation, and a lack of ways to measure effectiveness.
According to the survey, 57% of respondents report a lack of trained staff and skills associated with fully utilising CTI. The next leading issue at 52% was the time to implement proper intelligence processes across the team.
Organisations are slow to adopt automation, with most tasks either manual or semi-automated. More complex activities, such as reverse-engineering samples are a manual undertaking for 48% of respondents.
Furthermore, 4% of respondents had processes in place to measure the effectiveness of CTI, enabling to set obtainable goals based on their requirements.