itb-au logo
Story image

Cyber threat intelligence reaching maturity in organisations worldwide

07 Jul 2020

Cyber threat intelligence is reaching a state of maturity and integration in organisations across the globe, according to a survey by the SANS Institute and sponsored by ThreatQuotient.

The 2020 SANS Cyber Threat Intelligence survey polled 1006 respondents, of whom 40.4% (406) had operations in APAC and 27.3% (275) in Australia & New Zealand.

The survey indicates that local organisations are investing more in cyber threat intelligence (CTI) programmes, with 49% of respondents stating they have a formal, dedicated team that focuses specifically on CTI.

Furthermore, 26.2% say CTI is part of a shared responsibility, and 8.8% say they have a single, dedicated person. Further down the scale, 7.1% plan to assign a person, 5.2% have no plans to assign a person, and 3.2% do not know.

Organisations are using CTI for three main use cases: threat detection (89%), followed by threat prevention (77%), threat response (72%) and threat mitigation (59%). Just under half (44%) of respondents say they have clearly defined threat intelligence requirements. 

“Organisations can use those requirements to set obtainable goals based on the intent behind the requirement. When looking at security and response use cases, these measurements can be mapped to overall defender-based metrics instead of simply tracking adversary metrics,” the report states.

Many organisations are using CTI specialist vendors for gathering intelligence, according to 68.9% of respondents. Others are members of information sharing and analysis centres (ISACs), in which organisations access timely and relevant threat information, as well as the ability to network with other organisations.

Respondents also rated their satisfaction areas in several key areas. Respondents are most satisfied with their ability to have visibility into threats (75%), search and report on those threats (73%) and have relevant threat data and information (72%).

Additionally, more than 40% of organisations say they both produce and consume threat intelligence data.

Organisations are facing common roadblocks such as skills gaps, automation, and a lack of ways to measure effectiveness.

According to the survey, 57% of respondents report a lack of trained staff and skills associated with fully utilising CTI. The next leading issue at 52% was the time to implement proper intelligence processes across the team.

Organisations are slow to adopt automation, with most tasks either manual or semi-automated. More complex activities, such as reverse-engineering samples are a manual undertaking for 48% of respondents.

Furthermore, 4% of respondents had processes in place to measure the effectiveness of CTI, enabling to set obtainable goals based on their requirements.

Link image
Cloud telephony 101: The business case to replace on-prem phone systems
A growing number of organisations are using Microsoft Teams for cloud telephony, fully replacing legacy on-premises phone systems. Here are the benefits.More
Story image
IDC survey: Nearly 1/3 of data-ransomed businesses pay up
A Rubrik-commissioned A/NZ survey by IDC finds that despite only 6% saying they would pay ransomware attackers, the reality is quite different.More
Story image
Gigamon and Zscaler release cloud-first network detection for fluid workforces
“Our customers have significantly accelerated their digital transformation journeys during the pandemic, and this integration will help them better respond to threats.”More
Story image
Open source skills in hot demand despite economic uncertainty
"2020 has been a difficult year for all of us, but it's encouraging to see that open source continues to provide abundant opportunities," says Linux Foundation's Jim Zemlin.More
Story image
How 'data gravity' centres can spell trouble for enterprises
In the not-too-distant past, data was created in a much more centralised place, and users and systems had far less access to it. Now, with digital data from social, analytics, mobile, cloud, IoT and more being created with both simultaneity and omnipresence, so much information is being collected that it’s forming a ‘centre of gravity’.More
Story image
The value of trust in the age of data breaches
Since it is practically impossible to avoid using the internet today, all parties are put under increasing pressure to implement better security practice to protect their personal information. More