Awareness of the role threat intelligence can play in improving cyber security may be growing, but some still remain unsold on its effectiveness, a new study has shown.
In a new report from the Ponemon Institute commissioned by Webroot, 80 percent of the IT professionals surveyed that had experienced a breach during the past two years said they felt threat intelligence would have helped prevent or minimize the consequences of the attack. The stat is telling, as 40 percent of the 693 people participating in the survey said their organization had been breached during that period.
However, the overall numbers tell a slightly different story. While 53 percent said threat intelligence was critical to having a strong security posture, 47 percent did not agree. According to the report, this may be due to the quality of threat intelligence, which in some cases has not evolved to the point where some consider it a critical component of IT security strategy.
In fact, later in the survey, many organizations indicated that while they are increasing the amount of intelligence data they consume, much of it is not considered all that useful. While 45 percent of respondents say they are increasing the amount of intelligence data they receive, just nine percent classified the accuracy of that intelligence as “very reliable.” In addition, on a scale of one to 10, with 10 being the best, 36 percent rated the accuracy of intelligence as a 3 or a 4.
Larry Ponemon, chairman of the Ponemon Institute, said one of the main misconceptions organizations have about threat intelligence is that technology alone is sufficient for having actionable and reliable information. Those companies underestimate the need for hiring experts to manage the process of using the intel, he said.
“This is especially the case when applying threat intelligence to big data analytics and SIEM that require a much greater knowledge and expertise in IT security,” he explained.
Companies also sometimes overlook the opportunity to improve the intelligence they receive by not working with their peers and sharing threat intelligence, he added.
“The financial services sector is an example of an industry that shares threat intelligence effectively because of the similarity in ways they are targeted and attacked,” he said. “In the study only 24 percent are exchanging threat intelligence with companies in the same industry.”
Still, 34 percent said their organizations plan to expand their threat intelligence budget signficantly during the next two years. Forty-nine percent of the companies using threat intelligence said they use “fee-based” services, with most (80 percent) believing they are better than free sources of intelligence. Only 15 percent said their process for using actionable intelligence from external sources – such as vendor-supplied threat feeds to predict malicious IP activity – is highly effective. Twenty-five percent of respondents said they are highly effective in using actionable intelligence from internal sources.
“Wider adoption of threat intelligence processes and solutions may occur when companies begin to look at the economics of reducing the consequences of an attack using real time monitoring tools,” Ponemon said. “Many companies may think it is too expensive to make such an investment without considering how much downtime and cost could be reduced by uncovering attacks that circumvent traditional defenses.”
Businesses are struggling to identify and stop new threats because they are being forced to assess the risk of more unknown objects than ever before and their traditional security technologies cannot keep up, Patrick Kennedy, vice president of enterprise marketing at Webroot, said in a statement.
“The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks,” he said.